2024-004 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N1199; 237WAWA3N1099; 237WAWA3N2020; 237WAWA4N1150; 247WAWA3N1199; 247WAWA3N1099; 247WAWA3N2020; 247WAWA3N1038; 247WAWA4N1150; 247WAWA4N1050
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-003
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $46.9 million in federal funds, more than $46.3 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program’s Assistance Listing Number and title, obligation amounts, project periods and more. When some of this information is not available, the pass-through entity must provide the best information available to describe the federal award and subaward. In addition, pass-through entities must impose requirements on subrecipients so that they use the program funds in accordance with federal statutes, regulations, and the federal award’s terms and conditions.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program. The prior finding number was 2023-003.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program.
We identified 279 nonprofit subrecipients of the program who were paid with federal funds during fiscal year 2024 and were subject to the Uniform Guidance requirements. We examined the various methods that the Office used to communicate the required federal award identification elements to subrecipients. These methods included periodic permanent agreements, an annual application process, and program communications during the current program year. We found that these methods did not properly communicate all federal award elements, terms and conditions, and other federal award requirements to the subrecipient.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Management responsible for ensuring compliance were not familiar with subrecipient monitoring requirements. As a result, management did not know that the program must identify and communicate the federal award identification elements to subrecipients, and that permanent agreements and annual application renewals do not constitute or substitute for a formal subaward.
During the audit period, the Office developed written procedures to address this issue to ensure it submits all elements as required, but did not implement this process until after the end of the audit period.
Effect of Condition
Without proper identification and communication of the federal award, the Office cannot properly notify subrecipients about the required federal award elements, nor impose requirements so the subrecipients use the federal award in accordance with its terms and conditions, federal statutes, and regulations. Further, the Office cannot impose any additional requirements of the pass-through entity on the subrecipient to meet its own responsibilities to the federal awarding agency, as well as other requirements as specified in the Uniform Guidance.
Recommendations
We recommend the Office:
• Establish policies and procedures to ensure subawards are clearly identified as a subaward and communicate all required information according to the Uniform Guidance
• Establish internal controls to formally communicate federal award information and requirements to subrecipients
• Consult with the grantor for additional guidance on subrecipient monitoring requirements
Office’s Response
OSPI concurs with the finding for federal award elements. This is an agreement based on the cycle year and that this was performed outside the audit timeline.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-005 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the Child and Adult Care Food Program
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N1199; 237WAWA3N1099; 237WAWA3N2020; 237WAWA4N1150; 247WAWA3N1199; 247WAWA3N1099; 247WAWA3N2020; 247WAWA3N1038; 247WAWA4N1150; 247WAWA4N1050
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-002
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. During fiscal year 2024, the Office spent about $46.9 million in federal funds, more than $46.3 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial and performance reports and taking timely and appropriate action on all deficiencies pertaining to the federal award. The federal grantor, the U.S. Department of Agriculture (USDA), requires states to monitor subrecipients at least once every three years.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the CACFP. The prior finding number was 2023-002.
Description of Condition
The Office did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the CACFP.
During the audit period, the Office identified 228 subrecipients for monitoring in accordance with the federal regulations. However, the Office did not comply with the regulations, as it did not monitor 23 subrecipients within the required three-year timeframe.
We examined a sample of 23 subrecipients that were scheduled to receive financial and programmatic monitoring by the Office during the audit period, to ensure they were performed properly. The Office did not monitor three of the subrecipients, which are included in the 23 referenced above. We found the other 20 subrecipients received adequate monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
A single Program Specialist was responsible for monitoring all 23 subrecipients that fell out of the required three-year monitoring cycle. Due to inadequate management oversight, these subrecipients were not monitored within the required timeframe.
Effect of Condition
Without establishing adequate internal controls, the Office cannot reasonably ensure that it can
meet the minimum monitoring requirements imposed by the federal grantor. In addition, without proper and timely monitoring of financial and programmatic performance, the Office does not have reasonable assurance that each subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Office strengthen internal controls to ensure it monitors all subrecipients according to the grantor’s minimum requirements and other federal regulations.
Office’s Response
Based on the updated exceptions, OSPI accepts the finding for CACFP (ALN 10.558) - Subrecipient Monitoring: Monitoring Activity.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 7 CFR Part 226.6, State agency administrative responsibilities state in part:
(m) Program assistance —
(6) Frequency and number of required institution reviews. The State agency must annually review at least 33.3 percent of all institutions. At least 15 percent of the total number of facility reviews required must be unannounced. The State agency must review institutions according to the following schedule:
(i) At least once every 3 years, independent centers and sponsoring organizations that operate 1 to 100 facilities must be reviewed. A sponsoring organization review must include reviews of 10 percent of the sponsoring organization's facilities.
(ii) At least once every 2 years, sponsoring organizations that operate more than 100 facilities, that conduct activities other than CACFP, that have been identified during a recent review as having serious management problems, or that are at risk of having serious management problems must be reviewed. These reviews must include reviews of 5 percent of the sponsoring organization's first 1,000 facilities and 2.5 percent of the sponsoring organization's facilities in excess of 1,000.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-006 The Office of Superintendent of Public Instruction did not have internal controls over and did not comply with requirements to verify single audits were completed for all subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N1199; 237WAWA3N1099; 237WAWA3N2020; 237WAWA4N1150; 247WAWA3N1199; 247WAWA3N1099; 247WAWA3N2020; 247WAWA3N1038; 247WAWA4N1150; 247WAWA4N1050
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-004
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. In fiscal year 2024, the Office spent about $46.9 million in federal funds, more than $46.3 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not comply with requirements to verify single audits were completed for all subrecipients of the Child and Adult Care Food Program. The prior finding number was 2023-004.
Description of Condition
The Office did not have internal controls over and did not comply with requirements to verify single audits were completed for all CACFP subrecipients.
The Office had processes in place to monitor that subrecipients received single audits. During the audit period, the Office had 464 CACFP subrecipients, and 45 of them were local education agencies (LEAs) or school districts. The Office’s federal compliance staff had a centralized process for LEAs to ensure they received the required audits, and we found these controls were effective.
For the 419 subrecipients that were not LEAs, the Office used information in the Federal Audit Clearinghouse (FAC) to identify subrecipients requiring a single audit. If a subrecipient that required a single audit did not complete or file its audit report timely, then the information in the FAC database would lead the Office to erroneous conclusions. As a result, we determined that the Office did not have adequate controls to identify all subrecipients that required a single audit.
We also determined the Office did not have adequate documentation that this single audit tracking process was completed during the audit period. We identified 75 subrecipients in this documentation that program staff compiled from the FAC database, and we used a statistical sampling method to randomly select and examine 13 of those subrecipients. We also judgmentally selected one subrecipient that had a program-related finding during the audit period, for a total of 13 testing samples. We found that one of these subrecipients required a single audit, but did not complete or did not submit its audit report during the audit period. The Office did not have any record that staff followed up with this subrecipient regarding the missing audit report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office developed written procedures to address issues identified in the prior audit to ensure it tracks all subrecipients that require single audits, but did not implement the process until after the audit period had ended.
Effect of Condition
Without establishing adequate internal controls, the Office cannot ensure that all subrecipients requiring a single audit receive one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure it identifies all subrecipients requiring single audits and follows up on any program-related findings, if applicable
• Follow up with the subrecipient we identified as not having an audit to ensure it obtains its required single audit
Office’s Response
The Office concurs with the finding. The Office continues to implement the corrective action plan from the previous audit finding February 2024. Note the single audit review takes place annually between August and December of each year.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Audit findings, establishes requirements for pass-through entities.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-007 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Benefit Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-009
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amount of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• Seventy percent of the sampled cases within 60 days of the week ending date of the batch; and
• Ninety five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of sampled cases within 120 days of the ending date of the annual report period.
Additionally, states must sample denied claims and review:
• Sixty percent of the sampled cases within 60 days of the week ending date of the batch; and
• Eighty five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2023-009, 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload. Additionally, management did not adequately monitor investigative staff caseloads and case completion rates to ensure the Department would meet the minimum federal requirements for conducting case reviews.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling.
For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of paid claims, completing 441 of the required 480 samples as of the audit period end date
• Completed only 430 (90%) of its 480 sampled cases within 90 days of the ending date of the annual report period, failing to meet the federal requirement of 95%
• Completed only 441 (92%) of its 480 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
For denied claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of denied claims, completing 440 of the required 450 samples as of the audit period end date
• Completed only 145 (96%) of its 151 sampled cases of monetary denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
• Completed only 146 (97%) of its 151 sampled cases of separation denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the recommendation. The Department did meet case sampling requirements for both paid and denied claims, but did not meet the timeliness requirements as stated in the effect of condition.
The Department has implemented increased oversight of case load to ensure timelines for both claim types are met.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year;
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part…
f. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70% of cases must be completed within 60 days of the week ending date of the batch, and 95% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample sizes for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedules or other staffing contingencies. However, states are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
Sample Annual Allocation Normal Weekly Minimum Weekly Normal Quarterly Minimum Quarterly
Paid Claims 360* 7 5 90 81
Paid Claims 480 9 6 120 108
Denials 150/450** 3 2 37-38 32
*Allocation for ten smallest states in terms of UI workload.
**150 cases of each monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60% of cases must be completed within 60 days of the week ending date of the batch, and 85% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases must be completed within 120 days of the ending date of the Calendar Year.
2024-008 The Employment Security Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the Federal Unemployment Tax Act are matched against employer contributions paid under the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions - Match with IRS 940 FUTA Tax Form
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Unemployment Insurance (UI) program was created by the Social Security Act and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
The Federal Unemployment Tax Act (FUTA) provides for cooperation between the federal and state governments in establishment and administration of unemployment insurance. The IRS is responsible for receiving and processing the Form 940, Employer’s Annual Federal Unemployment Tax Return, or Schedule H for annual reporting of employer tax credits. The IRS uses the FUTA Certification Program to verify with states that the credits employers claimed on the Form 940, or Schedule H, were actually paid into the state unemployment fund.
The IRS Guide for Certification of State FUTA Credits (Guide) establishes the instructions for the certification of the states FUTA Tax Credits. Every September, the IRS creates a FUTA Identification Data File containing employer information, including FUTA tax credits reported, and distribute the file to states to verify tax credits reported to the IRS are accurate. The Guide stipulates that each state is responsible for certifying that this report is correct by reviewing the first 50 employers that have total state wages reported at zero (Zero Certification) and the first 50 employers that have total state wages reported at more than zero (Non-Zero Certification). The Department is required to trace the employer’s tax payments in the Next Generation Tax System (NGTS).
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the FUTA are matched against employer contributions paid under the UI program.
The Department did not review the required minimum number of employer accounts before submitting its annual certification to the IRS. Specifically, we found the Department reviewed 98 of the 100 required samples of employers to ensure each employer reported the correct amount of unemployment contributions paid into the State's unemployment fund.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively design its internal controls to ensure accuracy of the certification to the IRS. Additionally, management did not adequately review employer account reconciliations its staff performed to ensure they reviewed the required number of accounts.
Effect of Condition
By not establishing adequate internal controls to ensure it reconciles all employer accounts requiring review before certification to the IRS, the Department cannot comply with federal requirements to verify FUTA tax credits are accurately reported to the IRS.
Recommendation
We recommend the Department improve its internal controls to ensure it reviews all employer accounts in accordance with federal requirements before certifying the report to the IRS.
Department’s Response
The Department thanks SAO for its work in this area and concurs with the finding. The Department is committed to ensuring our programs comply with federal regulations. The Department will recommunicate the requirement of minimal account review prior to filing the report.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
IRS Guide for the Certification of State FUTA Credits (September 2023 edition), Review Procedures, states in part:
After the FUTA Certification Data has been prepared and before transmission, the state should review the quality of the data. This review will minimize the number of re-transmission requests from the HQ staff.
Follow these review procedures:
1. Print two copies of the first 50 Zero Certification records (records where the total state wages are zero) and of the first 50 Non-Zero Certification records (records where the total state wages are other than zero). Use one copy to verify the format and components of the records against the specifications in this Publication.
2. With the second copy, using the EIN, request manual certification of these records from your appropriate state function. Compare the manual certifications with the print of the computer certifications to verify the data is the same. Remember the state reporting number provided is an additional research tool to help find the certification data for the EIN.
2024-009 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-010
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department (Department) administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5% of claimants with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules and agency policies. Department policy requires staff to complete an intensive training course before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential eligibility issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the UI program to identify people likely to need reemployment services and ensure staff providing those services received required training. The prior finding number was 2023-010.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5% of claimants with the highest score. A random score was assigned to the remaining 95% of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 25 out of a total population of 277 employees that administered RESEA services to claimants during fiscal year 2024. We examined records for all RESEA training courses completed by these 25 employees and found one employee (4%) did not complete annual RESEA training during the audit period. This employee administered RESEA appointments to claimants during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
In the prior audit our Office tested the Department’s UTAB risk scoring model and identified system weaknesses and recommended the Department review the design of its UTAB calculation to determine whether it was accurately identifying claimants most likely to exhaust regular UI benefits. However, during this audit period, the Department did not implement any system changes to the scoring model.
Employee Training
The Department asserted that the employee who did not receive annual training had returned from extended leave after their annual training was past due. Management did not ensure the employee completed the annual training before resuming work.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendation
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure the RAS scheduling system received all RESEA eligible claimants
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Ensure staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department thanks the State Auditor’s Office for its work to ensure compliance with federal requirements for the UI Program.
The Department would like to clarify it does use two federally approved methods to profile and prioritize for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements. The first is the profile score calculation, and the second is the federal pilot program which assigns priority differently than the profile score and is helping develop better outcomes.
The Department concurs with the recommendation regarding review and design of the profile score calculation so that ESD can accurately determine the effectiveness of the profile scoring. The Department in response to this finding in the prior audit year implemented a corrective action plan with a timeline of April 2025. This involved Department review of processes to effectively validate profile scores based upon new coefficients. That work began in October 2024 and ESD continues to discuss processes, prioritization, and resources to complete this work.
The Department continues to perform work and allocate resources to address reconciliation between the RAS scheduler and the UTAB system.
The Department monitors local offices for staff who have taken training and provide RESEA services. In the specific case cited in the finding, it was one staff member of 279 who was out for approved extended leave and missed the required training period for the refresher training. The Department additionally completed intensive training during the same period for 75 staff, for a total of 354 during SFY24. The Department has implemented follow up communication with local offices to remind members to attend the required training.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2024-007 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Benefit Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-009
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amount of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• Seventy percent of the sampled cases within 60 days of the week ending date of the batch; and
• Ninety five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of sampled cases within 120 days of the ending date of the annual report period.
Additionally, states must sample denied claims and review:
• Sixty percent of the sampled cases within 60 days of the week ending date of the batch; and
• Eighty five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2023-009, 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload. Additionally, management did not adequately monitor investigative staff caseloads and case completion rates to ensure the Department would meet the minimum federal requirements for conducting case reviews.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling.
For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of paid claims, completing 441 of the required 480 samples as of the audit period end date
• Completed only 430 (90%) of its 480 sampled cases within 90 days of the ending date of the annual report period, failing to meet the federal requirement of 95%
• Completed only 441 (92%) of its 480 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
For denied claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of denied claims, completing 440 of the required 450 samples as of the audit period end date
• Completed only 145 (96%) of its 151 sampled cases of monetary denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
• Completed only 146 (97%) of its 151 sampled cases of separation denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the recommendation. The Department did meet case sampling requirements for both paid and denied claims, but did not meet the timeliness requirements as stated in the effect of condition.
The Department has implemented increased oversight of case load to ensure timelines for both claim types are met.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year;
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part…
f. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70% of cases must be completed within 60 days of the week ending date of the batch, and 95% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample sizes for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedules or other staffing contingencies. However, states are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
Sample Annual Allocation Normal Weekly Minimum Weekly Normal Quarterly Minimum Quarterly
Paid Claims 360* 7 5 90 81
Paid Claims 480 9 6 120 108
Denials 150/450** 3 2 37-38 32
*Allocation for ten smallest states in terms of UI workload.
**150 cases of each monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60% of cases must be completed within 60 days of the week ending date of the batch, and 85% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases must be completed within 120 days of the ending date of the Calendar Year.
2024-008 The Employment Security Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the Federal Unemployment Tax Act are matched against employer contributions paid under the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions - Match with IRS 940 FUTA Tax Form
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Unemployment Insurance (UI) program was created by the Social Security Act and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
The Federal Unemployment Tax Act (FUTA) provides for cooperation between the federal and state governments in establishment and administration of unemployment insurance. The IRS is responsible for receiving and processing the Form 940, Employer’s Annual Federal Unemployment Tax Return, or Schedule H for annual reporting of employer tax credits. The IRS uses the FUTA Certification Program to verify with states that the credits employers claimed on the Form 940, or Schedule H, were actually paid into the state unemployment fund.
The IRS Guide for Certification of State FUTA Credits (Guide) establishes the instructions for the certification of the states FUTA Tax Credits. Every September, the IRS creates a FUTA Identification Data File containing employer information, including FUTA tax credits reported, and distribute the file to states to verify tax credits reported to the IRS are accurate. The Guide stipulates that each state is responsible for certifying that this report is correct by reviewing the first 50 employers that have total state wages reported at zero (Zero Certification) and the first 50 employers that have total state wages reported at more than zero (Non-Zero Certification). The Department is required to trace the employer’s tax payments in the Next Generation Tax System (NGTS).
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the FUTA are matched against employer contributions paid under the UI program.
The Department did not review the required minimum number of employer accounts before submitting its annual certification to the IRS. Specifically, we found the Department reviewed 98 of the 100 required samples of employers to ensure each employer reported the correct amount of unemployment contributions paid into the State's unemployment fund.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively design its internal controls to ensure accuracy of the certification to the IRS. Additionally, management did not adequately review employer account reconciliations its staff performed to ensure they reviewed the required number of accounts.
Effect of Condition
By not establishing adequate internal controls to ensure it reconciles all employer accounts requiring review before certification to the IRS, the Department cannot comply with federal requirements to verify FUTA tax credits are accurately reported to the IRS.
Recommendation
We recommend the Department improve its internal controls to ensure it reviews all employer accounts in accordance with federal requirements before certifying the report to the IRS.
Department’s Response
The Department thanks SAO for its work in this area and concurs with the finding. The Department is committed to ensuring our programs comply with federal regulations. The Department will recommunicate the requirement of minimal account review prior to filing the report.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
IRS Guide for the Certification of State FUTA Credits (September 2023 edition), Review Procedures, states in part:
After the FUTA Certification Data has been prepared and before transmission, the state should review the quality of the data. This review will minimize the number of re-transmission requests from the HQ staff.
Follow these review procedures:
1. Print two copies of the first 50 Zero Certification records (records where the total state wages are zero) and of the first 50 Non-Zero Certification records (records where the total state wages are other than zero). Use one copy to verify the format and components of the records against the specifications in this Publication.
2. With the second copy, using the EIN, request manual certification of these records from your appropriate state function. Compare the manual certifications with the print of the computer certifications to verify the data is the same. Remember the state reporting number provided is an additional research tool to help find the certification data for the EIN.
2024-009 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-010
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department (Department) administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5% of claimants with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules and agency policies. Department policy requires staff to complete an intensive training course before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential eligibility issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the UI program to identify people likely to need reemployment services and ensure staff providing those services received required training. The prior finding number was 2023-010.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5% of claimants with the highest score. A random score was assigned to the remaining 95% of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 25 out of a total population of 277 employees that administered RESEA services to claimants during fiscal year 2024. We examined records for all RESEA training courses completed by these 25 employees and found one employee (4%) did not complete annual RESEA training during the audit period. This employee administered RESEA appointments to claimants during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
In the prior audit our Office tested the Department’s UTAB risk scoring model and identified system weaknesses and recommended the Department review the design of its UTAB calculation to determine whether it was accurately identifying claimants most likely to exhaust regular UI benefits. However, during this audit period, the Department did not implement any system changes to the scoring model.
Employee Training
The Department asserted that the employee who did not receive annual training had returned from extended leave after their annual training was past due. Management did not ensure the employee completed the annual training before resuming work.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendation
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure the RAS scheduling system received all RESEA eligible claimants
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Ensure staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department thanks the State Auditor’s Office for its work to ensure compliance with federal requirements for the UI Program.
The Department would like to clarify it does use two federally approved methods to profile and prioritize for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements. The first is the profile score calculation, and the second is the federal pilot program which assigns priority differently than the profile score and is helping develop better outcomes.
The Department concurs with the recommendation regarding review and design of the profile score calculation so that ESD can accurately determine the effectiveness of the profile scoring. The Department in response to this finding in the prior audit year implemented a corrective action plan with a timeline of April 2025. This involved Department review of processes to effectively validate profile scores based upon new coefficients. That work began in October 2024 and ESD continues to discuss processes, prioritization, and resources to complete this work.
The Department continues to perform work and allocate resources to address reconciliation between the RAS scheduler and the UTAB system.
The Department monitors local offices for staff who have taken training and provide RESEA services. In the specific case cited in the finding, it was one staff member of 279 who was out for approved extended leave and missed the required training period for the refresher training. The Department additionally completed intensive training during the same period for 75 staff, for a total of 354 during SFY24. The Department has implemented follow up communication with local offices to remind members to attend the required training.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2024-011 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notification.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement
Pass-through Entity Name: None
Pass-through Award/Contract Number:
Applicable Compliance Component: None
Suspension and Debarment
Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for highway construction projects that it will pay in whole or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding the contract or making purchases, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower-tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. In addition, all prime construction contracts more than $2,000 awarded by nonfederal entities must include a provision for compliance with the Davis-Bacon Act for payment of prevailing wages to laborers.
Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid. FHWA Form FHWA-1273 includes the required Davis-Bacon and related act provisions as well as a suspension and debarment certification.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. In fiscal year 2024, the Department awarded about $890 million to contractors participating in construction projects under the federal Highway Planning and Construction program.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notifications.
We examined 12 out of 37 contracts totaling about $735 million awarded by the Department. We found one contract for about $479 million (65%) in which the Department did not include the required Form FHWA-1273 in the contract provisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
During the contract execution phase, management did not adequately review contract documents to ensure they included the Form FHWA-1273 before requesting the contractor’s signature. Management did not immediately recognize that the contract did not include the required certification on federal suspension and debarment, or the requirement to pay prevailing wages to laborers.
The Department discovered the missing form after the contract was awarded and signed into effect, but did not approve a change order to amend the contract with the contractor until after the audit period.
Effect of Condition
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. Any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Additionally, by not including language in the contract terms and conditions requiring the contractor to pay all laborers and lower-tier contractors and subcontractors prevailing wages, the Department is at an increased risk of obligating federal funding to contractors to perform work that does not meet federal prevailing wage laws.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with state laws and regulations, FHWA regulations, and its own policies and procedures
• Improve its internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its policies and procedures for awarding contracts
Department’s Response
We appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations related to procurement, suspension, and debarment. We also appreciate the importance of including all required contract provisions in our federal-aid construction contracts. We acknowledge the Department did not include a required federal form (form FHWA-1273) as part of one contract. We would also like to state that the Department has policies & procedures, approved by FHWA, in place to ensure all contracts awarded have all the necessary elements to meet both state and federal requirements. In thoroughly investigating the details around this occurrence, there are several components we believe are worth noting:
• There is clear guidance provided to teams to ensure that Form 1273 is included in all contracts.
• It was simply a mistake that Form 1273 was left out of this set of contract documents. In this case, the contract documents were some 1,200 pages and the inclusion of this form in an appendix was simply overlooked by the project team.
• As a result of various checks and balances already in place, the Department discovered that Form 1273 was missing. This was ahead of the audit and also before any work started on the contract. Upon that discovery, we added Form 1273 by executing Change Order number 1 to the construction contract in question July 18, 2024. There were no negative repercussions or issues created.
• As an additional protection, all contracts include language that requires the contractor to meet the various requirements associated with Form 1273, whether Form 1273 was included in the contract or not.
We’ve had follow-up conversations with appropriate staff on lessons learned from this occurrence and believe the issue has been addressed moving forward.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 U.S. Code of Federal Regulations (CFR) Part 180, OMB Guidelines on Agencies on Government Wide Department and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
Title 29 U.S Code of Federal Regulations (CFR) Part 5, Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction (also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standards Act), Section 5, Contract provisions and related matters, describes the requirements for payment of prevailing wages to laborers and contractors.
2024-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-012
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $818 million on highway projects during fiscal year 2024. Of that amount, it awarded about $425 million to local agencies through subawards for 355 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2024, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. The prior finding number was 2023-012.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 28 of the 355 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for six of the 28 projects (21 %). Three risk assessments were signed and dated by Department staff after the audit period had ended. The other three projects did not have a risk assessment performed.
We consider this internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure the Local Programs Engineers performed risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendation
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements.
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project.
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-013
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project. The Department is required to authorize the prime contractor’s use of subcontractors on a project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week in which contract work is performed, Project Engineers, Project Managers, or Chief Inspectors overseeing construction review inspector’s reports to document which contractors are required to submit certified payrolls for the given week.
The Department publishes the Standard Specifications for Road, Bridge and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industry’s Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal and state projects. The Construction Manual further requires that Project Engineers verify that contractor certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the Standard Specifications permit the Department to withhold payment from contractors and enact other sanctions as necessary.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program. The prior finding number was 2023-013.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method to randomly select 85 out of a total 1,605 weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, or within one week of the preceding payroll period end date, as required by federal law and Department policies. We identified the 85 weeks required a total of 576 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 79 of the 85 weeks we examined (93 %). We performed testing to determine whether the Department collected all certified payrolls due from contractors working on the project within seven days (or one week) of the payroll week ending date.
We identified 29 payrolls that were not collected by the Department before the end of the audit period. Of the 547 payrolls submitted to the Department, 305 (56 %) were not submitted within seven days of the payroll week ending date, as required by federal law and the Construction Manual. On average, these payrolls were 21 days late and we found:
• 145 payrolls were between one and seven days late;
• 65 payrolls were between eight and 14 days late;
• 47 payrolls were between 15 and 30 days late; and
• 48 payrolls were more than 30 days late, with the oldest being 279 days late
Review of certified payrolls
We performed additional testing to determine whether the Department submitted a request to the contractor to supply overdue payrolls in the PWIA system, as required by the Construction Manual. We found 204 overdue payrolls (67 %) had no requests submitted to the prime contractor or subcontractor (if applicable). Additionally, 95 of these payrolls were submitted more than one week late, with the oldest being 279 days late.
We inquired with the Department as to whether any sanctions were imposed upon contractors with late or missing certified payroll submissions. We determined two payments related to one contract from our sample had payment partially withheld due to delinquent payrolls. However, we received no additional records to demonstrate sanctions imposed on contractors for the weeks reviewed as part of the audit.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not adequately monitor Project Offices and the PWIA system to ensure compliance with federal requirements and the Construction Manual. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers to follow to track certified payrolls due from contractors, they do not include clear guidance on when and how Project Engineers follow up on late submissions and issue sanctions. Additionally, Project Engineers did not consistently follow these policies when monitoring contractors for compliance and documenting certified payrolls due on construction projects.
Effect of Condition
Without collecting all certified payrolls timely, the Department cannot ensure that laborers working on federally funded construction contracts are being paid the applicable prevailing wages, as required by law, which could make the Department and the contractor vulnerable to sanctions by the U.S. Department of Labor.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Improve internal controls to ensure Project Engineers monitor the status of certified payrolls due from contractors on a weekly basis in accordance with its Construction Manual, ensure contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments to the contractor, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Monitor projects offices to ensure contractors are notified in PWIA when they have not provided certified payrolls for a given week of contract work, in accordance with the Construction Manual, and request all overdue or missing payrolls immediately
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
• Consider modifying the Construction Manual to define the circumstances in which sanctions must be imposed upon contractors with incomplete, overdue or missing certified payrolls
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within an arbitrary 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract. We also point out that SAO only reviewed the Department’s actions taken, such as sanctions, only as they applied to the original weeks tested, not for other weeks within the contract. Sanctions are taken when contractors meet certain criteria such as being habitually late. As a result, SAO did not review or consider all evidence we provided of sanctions taken on late payrolls during the contract period, when it was not within the weeks originally tested. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding. Changes to the Construction Manual just approved by FHWA in January 2025, will help to clarify timeliness in submission of certified payrolls and Department follow up actions, and should help clarify the rules we’re evaluated against regarding certified payrolls
In FHWA’s management decision letter of November 14, 2024, in response to a similar finding for FY 2023, the grantor states “FHWA believes that WSDOT’s procedures, in their entirety, contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. Ensuring all certified payrolls are collected, and considering sanctions or other appropriate actions for missing payrolls using the methods outlined in WSDOT’s procedures provide sufficient internal control and reasonable compliance, notwithstanding the collection of the payrolls within a seven-day period. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 85 weeks and the required 547 certified payrolls for contract work performed on federally funded construction projects during that period. WSDOT collected all the required 547 certified payrolls. SAO identified 29 payrolls that were “not collected by the Department before the end of the audit period”, however these payrolls were collected. Because these 29 payrolls were collected during a week that SAO had not tested, the auditor did not report the payrolls as collected. Of the 547 payrolls only 48 were 30-days or more late and only 25 (4.5%) were 60-days or more late. This result is below the exception threshold typically allowed by the State Auditor of 5%. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 25 payrolls that were at least 60-days late, WSDOT had imposed sanctions against a contractor, including withholding payment. WSDOT had also performed actions, such as notifying the contractors via email or during weekly meetings with the contractors. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments.
As indicated last year, WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs.
Auditor’s Remarks
In determining our audit opinion on the Department’s compliance, we did not give consideration to payrolls collected after the one-week due date that were also collected after the audit period ended. Regarding the 29 missing certified payrolls, based on Department records and PWIA, as of our audit, 10 of these payrolls had not yet been collected by the Department. The 19 payrolls that were eventually collected were received by the Department from July 2, 2024 to January 9, 2025, which is between 10 and 426 days beyond the one-week due date, and between two and 193 days after the audit period end date.
Our testing of contractor certified payrolls was designed to address the U.S. Department of Labor (USDOL) regulations outlined in the Davis-Bacon Act and related requirements concerning federally-funded construction projects (Title 29 CFR, Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5). These requirements, in addition to the suggested audit procedures in Part 4 of the Uniform Guidance Compliance Supplement, were applied to our audit testing. Federal law requires for contractors and subcontractors participating in federal-aid construction projects to submit weekly and for each week certified payrolls to the Department. In addition, the Department’s Construction Manual requires contractors to submit certified payrolls on federal-aid projects weekly regardless of whether or not work was performed. Using these criteria expanded upon in the Applicable Laws and Regulations below, we do not believe our interpretation that payrolls should be collected in the week following the preceding payroll week’s ending date is arbitrary.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
We reviewed all documentation provided by the Department addressing late or missing contractor certified payrolls. The Department’s records show only two contract payments (only one of which corresponded to a week we examined as part of this audit) had partial payment withheld from the prime contractor. In addition, the Department only followed up on one-third of its overdue payrolls examined as part of this audit by submitting requests to the contractor to furnish the required payrolls as outlined in the Construction Manual. We believe these observations support our opinion that the Department’s internal controls were not sufficient to detect and correct material noncompliance with respect to the federal requirements. The Department also acknowledges in its response that approximately nine percent of its certified payrolls collected from contractors were more than 30 days late which we believe is significant, as the Department reviews pay estimates from prime contractors on a monthly basis, and this indicates that the Department is not following up on overdue contractor certified payrolls weekly as the Construction Manual requires.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as federal law requires.
We appreciate the Department’s willingness to re-define its contractor monitoring requirements in its Construction Manual with the federal grantor, and we expect that these revisions more narrowly define the expectations for what specific follow-up actions the Department must take against the contractor and define the timelines for performing necessary follow-up actions.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a. Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b. Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c. Reviewing certified payrolls in a timely manner;
d. Conducting employee interviews
e. Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f. Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g. Submitting enforcement reports and semi-annual enforcement reports to the USDOl Wage and Hour Division
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Affidavit of Wages Paid
Prior to Contract Completion, the Contractor, all Subcontractors, agents and lower-tier subcontractors must submit an Affidavit of Wages Paid to the Project Engineer using PWIA. The form may be submitted earlier by a Subcontractor or lower-tier subcontractor if that firm’s work is completed prior to Completion of the Contract. All Affidavits must be approved by LNI prior to Contract Completion.
Certified Payroll
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been Submitted. Once the Affidavit is visible in PWIA, the Affidavit has been approved by LNI. The last working day is included on the Affidavit, and the Project Office should compare this date to the last certified payroll submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each Project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an
appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-09, Measurement and Payment, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2024-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-014
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction program. The prior finding numbers were 2023-014, 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
We used a statistical sampling method and randomly selected and examined 58 out of a total population of 1,687 materials that were used on federally funded projects during state fiscal year 2024. For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• One material where the Department did not obtain the manufacturer’s certificate of compliance
• One material where the project engineer did not perform testing in accordance with the Department’s Standard Specifications
Testing personnel were not properly certified
We obtained data from the Department to identify materials tested for acceptance during the audit period. Using this data, we identified 1,080 unique tester and acceptance test types corresponding to the materials tested. We used a statistical sampling method and randomly selected and examined 57 out of the 1,080 to verify whether the testers performing materials testing for the Department had all required documents to support the tester’s certification. We found:
• One instance where the tester was missing a required exam for certification
• Three instances where the Department was unable to provide documentation to support that the tester met certification requirements
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure all required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper material testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams and that they have proper documentation of passing these exams before performing sampling activities
• Continue to review all testers to ensure they meet the minimum requirements for certification before performing materials testing on projects receiving federal aid
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department continues towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in previous Single Audits. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. In addition, WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from a prior audit, however this change was not formally adopted into policy until the Construction Manual was approved in April 2024. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY24 utilizing federal funding contained more than 4,600 materials and SAO identified 1,687 that required testing. SAO examined documentation for 58 materials that required testing. Through our review of SAO’s exceptions the Department found only 2 materials (3.4%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
FY24 had over 7,000 materials tested. The State Auditor selected and reviewed documentation for 57 tests and whether the testers performing materials testing activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department had 3 testers perform material acceptance tests before they passed their certification testing and could not locate the required exam for 1 tester.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues will be discussed at the 2025 Material Assurance Training offered 3/19/2025, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a. Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b. STD capabilities. The STD shall maintain an adequate, qualified staff to administer its quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet the requirements in (Section 637.209(a)(2))
c. Independent assurance program. Independent assurance samples and tests or other procedures shall be performed by qualified sampling and testing personnel employed by the STD or its designated agent.
d. Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
e. Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. The sampling and testing has been performed by qualified laboratories and qualified sampling and testing personnel.
B. The quality of the material has been validated by the verification sampling and testing. The verification testing shall be performed on samples that are taken independently of the quality control samples.
C. The quality control sampling and testing is evaluated by an IA program.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Project office is required to maintain documentation in the project records on quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrication Inspection items, or where quantities are needed for Acceptance Criteria such as Manufacturer Certificate of Compliance. Any changes to the acceptance requirements, additional permanently incorporated materials used, or any additional materials added to the project by change order or force account need to be documented and tracked in the project records.
9-5.3 WSDOT Testing Technician Qualification Program (WTTQP)
All testing Technicians that conduct QA/QV testing shall be certified through the WTTQP. For registration information contact the Region Independent Assurance Inspector.
The purpose of this program is to provide uniform statewide testing by ensuring testing technicians meet the WTTQP module certification and method qualification process below. This program is based on AASHTO R 25.The State Quality Systems Manager performs oversite of WSDOT’s Testing Technician Qualification Program (WTTQP). The Quality Systems Section at the State Materials Laboratory is responsible for maintaining the Tester Qualification database information for all WTTQP Testing Technicians. A Testing Technician will not be certified or qualified until listed as “Available” by the Quality Systems Manager.
The Region Independent Assurance Inspectors are responsible for entering their region data into the Tester Qualification database and submitting the WTTQP internal certification or qualification records to the Quality Systems Section.
2024-011 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notification.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement
Pass-through Entity Name: None
Pass-through Award/Contract Number:
Applicable Compliance Component: None
Suspension and Debarment
Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for highway construction projects that it will pay in whole or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding the contract or making purchases, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower-tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. In addition, all prime construction contracts more than $2,000 awarded by nonfederal entities must include a provision for compliance with the Davis-Bacon Act for payment of prevailing wages to laborers.
Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid. FHWA Form FHWA-1273 includes the required Davis-Bacon and related act provisions as well as a suspension and debarment certification.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. In fiscal year 2024, the Department awarded about $890 million to contractors participating in construction projects under the federal Highway Planning and Construction program.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notifications.
We examined 12 out of 37 contracts totaling about $735 million awarded by the Department. We found one contract for about $479 million (65%) in which the Department did not include the required Form FHWA-1273 in the contract provisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
During the contract execution phase, management did not adequately review contract documents to ensure they included the Form FHWA-1273 before requesting the contractor’s signature. Management did not immediately recognize that the contract did not include the required certification on federal suspension and debarment, or the requirement to pay prevailing wages to laborers.
The Department discovered the missing form after the contract was awarded and signed into effect, but did not approve a change order to amend the contract with the contractor until after the audit period.
Effect of Condition
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. Any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Additionally, by not including language in the contract terms and conditions requiring the contractor to pay all laborers and lower-tier contractors and subcontractors prevailing wages, the Department is at an increased risk of obligating federal funding to contractors to perform work that does not meet federal prevailing wage laws.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with state laws and regulations, FHWA regulations, and its own policies and procedures
• Improve its internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its policies and procedures for awarding contracts
Department’s Response
We appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations related to procurement, suspension, and debarment. We also appreciate the importance of including all required contract provisions in our federal-aid construction contracts. We acknowledge the Department did not include a required federal form (form FHWA-1273) as part of one contract. We would also like to state that the Department has policies & procedures, approved by FHWA, in place to ensure all contracts awarded have all the necessary elements to meet both state and federal requirements. In thoroughly investigating the details around this occurrence, there are several components we believe are worth noting:
• There is clear guidance provided to teams to ensure that Form 1273 is included in all contracts.
• It was simply a mistake that Form 1273 was left out of this set of contract documents. In this case, the contract documents were some 1,200 pages and the inclusion of this form in an appendix was simply overlooked by the project team.
• As a result of various checks and balances already in place, the Department discovered that Form 1273 was missing. This was ahead of the audit and also before any work started on the contract. Upon that discovery, we added Form 1273 by executing Change Order number 1 to the construction contract in question July 18, 2024. There were no negative repercussions or issues created.
• As an additional protection, all contracts include language that requires the contractor to meet the various requirements associated with Form 1273, whether Form 1273 was included in the contract or not.
We’ve had follow-up conversations with appropriate staff on lessons learned from this occurrence and believe the issue has been addressed moving forward.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 U.S. Code of Federal Regulations (CFR) Part 180, OMB Guidelines on Agencies on Government Wide Department and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
Title 29 U.S Code of Federal Regulations (CFR) Part 5, Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction (also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standards Act), Section 5, Contract provisions and related matters, describes the requirements for payment of prevailing wages to laborers and contractors.
2024-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-012
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $818 million on highway projects during fiscal year 2024. Of that amount, it awarded about $425 million to local agencies through subawards for 355 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2024, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. The prior finding number was 2023-012.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 28 of the 355 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for six of the 28 projects (21 %). Three risk assessments were signed and dated by Department staff after the audit period had ended. The other three projects did not have a risk assessment performed.
We consider this internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure the Local Programs Engineers performed risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendation
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements.
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project.
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-013
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project. The Department is required to authorize the prime contractor’s use of subcontractors on a project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week in which contract work is performed, Project Engineers, Project Managers, or Chief Inspectors overseeing construction review inspector’s reports to document which contractors are required to submit certified payrolls for the given week.
The Department publishes the Standard Specifications for Road, Bridge and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industry’s Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal and state projects. The Construction Manual further requires that Project Engineers verify that contractor certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the Standard Specifications permit the Department to withhold payment from contractors and enact other sanctions as necessary.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program. The prior finding number was 2023-013.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method to randomly select 85 out of a total 1,605 weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, or within one week of the preceding payroll period end date, as required by federal law and Department policies. We identified the 85 weeks required a total of 576 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 79 of the 85 weeks we examined (93 %). We performed testing to determine whether the Department collected all certified payrolls due from contractors working on the project within seven days (or one week) of the payroll week ending date.
We identified 29 payrolls that were not collected by the Department before the end of the audit period. Of the 547 payrolls submitted to the Department, 305 (56 %) were not submitted within seven days of the payroll week ending date, as required by federal law and the Construction Manual. On average, these payrolls were 21 days late and we found:
• 145 payrolls were between one and seven days late;
• 65 payrolls were between eight and 14 days late;
• 47 payrolls were between 15 and 30 days late; and
• 48 payrolls were more than 30 days late, with the oldest being 279 days late
Review of certified payrolls
We performed additional testing to determine whether the Department submitted a request to the contractor to supply overdue payrolls in the PWIA system, as required by the Construction Manual. We found 204 overdue payrolls (67 %) had no requests submitted to the prime contractor or subcontractor (if applicable). Additionally, 95 of these payrolls were submitted more than one week late, with the oldest being 279 days late.
We inquired with the Department as to whether any sanctions were imposed upon contractors with late or missing certified payroll submissions. We determined two payments related to one contract from our sample had payment partially withheld due to delinquent payrolls. However, we received no additional records to demonstrate sanctions imposed on contractors for the weeks reviewed as part of the audit.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not adequately monitor Project Offices and the PWIA system to ensure compliance with federal requirements and the Construction Manual. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers to follow to track certified payrolls due from contractors, they do not include clear guidance on when and how Project Engineers follow up on late submissions and issue sanctions. Additionally, Project Engineers did not consistently follow these policies when monitoring contractors for compliance and documenting certified payrolls due on construction projects.
Effect of Condition
Without collecting all certified payrolls timely, the Department cannot ensure that laborers working on federally funded construction contracts are being paid the applicable prevailing wages, as required by law, which could make the Department and the contractor vulnerable to sanctions by the U.S. Department of Labor.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Improve internal controls to ensure Project Engineers monitor the status of certified payrolls due from contractors on a weekly basis in accordance with its Construction Manual, ensure contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments to the contractor, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Monitor projects offices to ensure contractors are notified in PWIA when they have not provided certified payrolls for a given week of contract work, in accordance with the Construction Manual, and request all overdue or missing payrolls immediately
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
• Consider modifying the Construction Manual to define the circumstances in which sanctions must be imposed upon contractors with incomplete, overdue or missing certified payrolls
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within an arbitrary 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract. We also point out that SAO only reviewed the Department’s actions taken, such as sanctions, only as they applied to the original weeks tested, not for other weeks within the contract. Sanctions are taken when contractors meet certain criteria such as being habitually late. As a result, SAO did not review or consider all evidence we provided of sanctions taken on late payrolls during the contract period, when it was not within the weeks originally tested. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding. Changes to the Construction Manual just approved by FHWA in January 2025, will help to clarify timeliness in submission of certified payrolls and Department follow up actions, and should help clarify the rules we’re evaluated against regarding certified payrolls
In FHWA’s management decision letter of November 14, 2024, in response to a similar finding for FY 2023, the grantor states “FHWA believes that WSDOT’s procedures, in their entirety, contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. Ensuring all certified payrolls are collected, and considering sanctions or other appropriate actions for missing payrolls using the methods outlined in WSDOT’s procedures provide sufficient internal control and reasonable compliance, notwithstanding the collection of the payrolls within a seven-day period. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 85 weeks and the required 547 certified payrolls for contract work performed on federally funded construction projects during that period. WSDOT collected all the required 547 certified payrolls. SAO identified 29 payrolls that were “not collected by the Department before the end of the audit period”, however these payrolls were collected. Because these 29 payrolls were collected during a week that SAO had not tested, the auditor did not report the payrolls as collected. Of the 547 payrolls only 48 were 30-days or more late and only 25 (4.5%) were 60-days or more late. This result is below the exception threshold typically allowed by the State Auditor of 5%. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 25 payrolls that were at least 60-days late, WSDOT had imposed sanctions against a contractor, including withholding payment. WSDOT had also performed actions, such as notifying the contractors via email or during weekly meetings with the contractors. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments.
As indicated last year, WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs.
Auditor’s Remarks
In determining our audit opinion on the Department’s compliance, we did not give consideration to payrolls collected after the one-week due date that were also collected after the audit period ended. Regarding the 29 missing certified payrolls, based on Department records and PWIA, as of our audit, 10 of these payrolls had not yet been collected by the Department. The 19 payrolls that were eventually collected were received by the Department from July 2, 2024 to January 9, 2025, which is between 10 and 426 days beyond the one-week due date, and between two and 193 days after the audit period end date.
Our testing of contractor certified payrolls was designed to address the U.S. Department of Labor (USDOL) regulations outlined in the Davis-Bacon Act and related requirements concerning federally-funded construction projects (Title 29 CFR, Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5). These requirements, in addition to the suggested audit procedures in Part 4 of the Uniform Guidance Compliance Supplement, were applied to our audit testing. Federal law requires for contractors and subcontractors participating in federal-aid construction projects to submit weekly and for each week certified payrolls to the Department. In addition, the Department’s Construction Manual requires contractors to submit certified payrolls on federal-aid projects weekly regardless of whether or not work was performed. Using these criteria expanded upon in the Applicable Laws and Regulations below, we do not believe our interpretation that payrolls should be collected in the week following the preceding payroll week’s ending date is arbitrary.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
We reviewed all documentation provided by the Department addressing late or missing contractor certified payrolls. The Department’s records show only two contract payments (only one of which corresponded to a week we examined as part of this audit) had partial payment withheld from the prime contractor. In addition, the Department only followed up on one-third of its overdue payrolls examined as part of this audit by submitting requests to the contractor to furnish the required payrolls as outlined in the Construction Manual. We believe these observations support our opinion that the Department’s internal controls were not sufficient to detect and correct material noncompliance with respect to the federal requirements. The Department also acknowledges in its response that approximately nine percent of its certified payrolls collected from contractors were more than 30 days late which we believe is significant, as the Department reviews pay estimates from prime contractors on a monthly basis, and this indicates that the Department is not following up on overdue contractor certified payrolls weekly as the Construction Manual requires.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as federal law requires.
We appreciate the Department’s willingness to re-define its contractor monitoring requirements in its Construction Manual with the federal grantor, and we expect that these revisions more narrowly define the expectations for what specific follow-up actions the Department must take against the contractor and define the timelines for performing necessary follow-up actions.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a. Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b. Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c. Reviewing certified payrolls in a timely manner;
d. Conducting employee interviews
e. Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f. Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g. Submitting enforcement reports and semi-annual enforcement reports to the USDOl Wage and Hour Division
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Affidavit of Wages Paid
Prior to Contract Completion, the Contractor, all Subcontractors, agents and lower-tier subcontractors must submit an Affidavit of Wages Paid to the Project Engineer using PWIA. The form may be submitted earlier by a Subcontractor or lower-tier subcontractor if that firm’s work is completed prior to Completion of the Contract. All Affidavits must be approved by LNI prior to Contract Completion.
Certified Payroll
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been Submitted. Once the Affidavit is visible in PWIA, the Affidavit has been approved by LNI. The last working day is included on the Affidavit, and the Project Office should compare this date to the last certified payroll submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each Project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an
appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-09, Measurement and Payment, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2024-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-014
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction program. The prior finding numbers were 2023-014, 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
We used a statistical sampling method and randomly selected and examined 58 out of a total population of 1,687 materials that were used on federally funded projects during state fiscal year 2024. For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• One material where the Department did not obtain the manufacturer’s certificate of compliance
• One material where the project engineer did not perform testing in accordance with the Department’s Standard Specifications
Testing personnel were not properly certified
We obtained data from the Department to identify materials tested for acceptance during the audit period. Using this data, we identified 1,080 unique tester and acceptance test types corresponding to the materials tested. We used a statistical sampling method and randomly selected and examined 57 out of the 1,080 to verify whether the testers performing materials testing for the Department had all required documents to support the tester’s certification. We found:
• One instance where the tester was missing a required exam for certification
• Three instances where the Department was unable to provide documentation to support that the tester met certification requirements
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure all required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper material testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams and that they have proper documentation of passing these exams before performing sampling activities
• Continue to review all testers to ensure they meet the minimum requirements for certification before performing materials testing on projects receiving federal aid
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department continues towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in previous Single Audits. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. In addition, WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from a prior audit, however this change was not formally adopted into policy until the Construction Manual was approved in April 2024. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY24 utilizing federal funding contained more than 4,600 materials and SAO identified 1,687 that required testing. SAO examined documentation for 58 materials that required testing. Through our review of SAO’s exceptions the Department found only 2 materials (3.4%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
FY24 had over 7,000 materials tested. The State Auditor selected and reviewed documentation for 57 tests and whether the testers performing materials testing activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department had 3 testers perform material acceptance tests before they passed their certification testing and could not locate the required exam for 1 tester.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues will be discussed at the 2025 Material Assurance Training offered 3/19/2025, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a. Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b. STD capabilities. The STD shall maintain an adequate, qualified staff to administer its quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet the requirements in (Section 637.209(a)(2))
c. Independent assurance program. Independent assurance samples and tests or other procedures shall be performed by qualified sampling and testing personnel employed by the STD or its designated agent.
d. Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
e. Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. The sampling and testing has been performed by qualified laboratories and qualified sampling and testing personnel.
B. The quality of the material has been validated by the verification sampling and testing. The verification testing shall be performed on samples that are taken independently of the quality control samples.
C. The quality control sampling and testing is evaluated by an IA program.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Project office is required to maintain documentation in the project records on quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrication Inspection items, or where quantities are needed for Acceptance Criteria such as Manufacturer Certificate of Compliance. Any changes to the acceptance requirements, additional permanently incorporated materials used, or any additional materials added to the project by change order or force account need to be documented and tracked in the project records.
9-5.3 WSDOT Testing Technician Qualification Program (WTTQP)
All testing Technicians that conduct QA/QV testing shall be certified through the WTTQP. For registration information contact the Region Independent Assurance Inspector.
The purpose of this program is to provide uniform statewide testing by ensuring testing technicians meet the WTTQP module certification and method qualification process below. This program is based on AASHTO R 25.The State Quality Systems Manager performs oversite of WSDOT’s Testing Technician Qualification Program (WTTQP). The Quality Systems Section at the State Materials Laboratory is responsible for maintaining the Tester Qualification database information for all WTTQP Testing Technicians. A Testing Technician will not be certified or qualified until listed as “Available” by the Quality Systems Manager.
The Region Independent Assurance Inspectors are responsible for entering their region data into the Tester Qualification database and submitting the WTTQP internal certification or qualification records to the Quality Systems Section.
2024-015 The Housing Finance Commission did not have adequate internal controls over eligibility requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-022
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission is required to ensure all homeowners who receive HAF funds are eligible for the program. The HAF Plan Term Sheet, approved by the federal grantor, outlines the general eligibility requirements for the program. The Commission entered into an agreement with a contractor to perform eligibility determinations for the program. As part of the agreement, the contractor reviews eligibility determinations for 10% of applications that were approved, denied and withdrawn each quarter. To ensure the contractor made the correct determinations, Commission staff reviews eligibility determinations that the contractor reviewed. For the first two quarters of the year, Commission staff reviewed 10% of the eligibility determinations reviewed by the contractor then increased this review to 20% for the last two quarters.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Commission did not have adequate internal controls over eligibility requirements. The prior finding number was 2023-022.
Description of Condition
The Commission did not have adequate internal controls over eligibility requirements for the HAF program.
During the first two quarters of the audit period, the Commission only reviewed 1% of all approved, denied and withdrawn applications. During the third quarter, the Commission increased its review to 2% of all approved, denied and withdrawn applications. The determinations that staff reviewed were only taken from those that the contractor selected, so the Commission had no assurance that the application determinations the contractor did not select were made properly. During the last month of the year, the Commission began reviewing eligibility determinations of all applicants before issuing a payment. Because the Commission did not perform any additional independent reviews for 11 out of the 12 months, we determined the Commission did not perform an adequate level of review to ensure proper eligibility determinations were made for the program as a whole.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Management believed the level of review Commission staff performed was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without establishing adequate internal controls, the Commission is at a higher risk of paying ineligible homeowners. Additionally, by only reviewing cases that the contractor selected, there is a risk that the eligibility determinations that Commission staff reviewed were not representative of the program as a whole.
Recommendations
We recommend the Commission:
• Improve internal controls to ensure it only provides HAF funds to eligible homeowners
• Ensure that Commission staff perform and document an adequate review of approved, denied and withdrawn HAF applications that are independent of those the contractor reviewed
Commission’s Response
The Commission concurs with this finding.
In response to the prior year’s finding, the Commission doubled its quality control review, participates in the selection of QC files and conducts an independent of those verified by the contractor to ensure a more representative population. In addition, the Commission immediately implemented an independent review of all payments for eligibility under the HAF Program guidelines prior to disbursing funds. The Commission implemented these changes in late FY 2024.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Eligibility. Under this program, HAF participants are responsible for ensuring funds are used for eligible purposes. Generally, HAF participants must develop and implement policies and procedures, and record retention, to determine and monitor implementation of criteria for determining the eligibility of beneficiaries and / or Subrecipients. HAF participants, and if applicable, the Subrecipient(s) administering a program on behalf of the HAF participant, will need to maintain procedures for obtaining information evidencing a given beneficiary, Subrecipient, or contractor’s eligibility, including a valid SAM.gov registration. Implementing risk-based due diligence for eligibility determinations is a best practice to augment your organization’s existing controls.
2024-016 The Housing Finance Commission did not have adequate internal controls over earmarking requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-023
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission must meet earmarking requirements for the following four categories:
1. Counseling or educational efforts by housing counseling agencies approved by the U.S. Department of Housing and Urban Development (HUD), tribal government (including such efforts by in-house housing counselors who are HUD certified or tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
2. Planning, community engagement, needs assessment and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
3. Participants are providing not less than 60% of funds to homeowners with income less than 100% of area median income (AMI) or 100% of U.S. median income.
4. Participants target homeowners who are classified as socially disadvantaged individuals (SDIs) and 100% AMI or less.
The Commission is required to meet the requirements of the first, second and third earmarks when the HAF funds are fully expended. When administering the program, the Commission is required to have processes in place to track these requirements to ensure it is compliant at the end of the award.
The HAF Plan, approved by the federal grantor, outlines the program design and the budget allocation for the earmarking categories. These amounts are based on the award being fully expended. For the first two earmarking requirements, the Commission used these budgets to contract for necessary services. Commission staff then maintained a tracking spreadsheet to ensure payments did not exceed the contracted amount.
For the third earmark requirement, the Commission allocated 77% of the HAF award to homeowners, and it required all homeowners to have an income less than 100% AMI. For the fourth earmark requirement, the Commission contracted with a contractor to perform outreach targeting SDIs and those that are less than 100% AMI.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Commission did not have adequate internal controls over earmarking requirements. The prior finding number was 2023-023.
Description of Condition
The Commission did not have adequate internal controls over earmarking requirements for the HAF program.
During the audit period, the Commission tracked contractor payments applicable to the first and second earmarking requirements. However, expenditures were tracked in relation to the amounts budgeted in the HAF Plan. The Commission did not review these expenditures in relation to overall program expenditures to ensure they were on track to be compliant with the established earmarks.
For the third earmarking requirement, the Commission relied on eligibility determinations made by a contractor to ensure all homeowners in the HAF program have income less than 100% AMI. We determined the Commission did not have an adequate process to ensure all applicants met eligibility requirements. This condition is reported as a material weakness in internal controls in audit finding 2024-015.
We did not identify any internal control deficiencies over the fourth earmarking requirement.
We consider this internal control deficiency described above to be a material weakness.
Cause of Condition
While Commission staff tracked payments made to contractors allocated in the HAF Plan, management did not implement procedures to track these amounts to the total program expenditures to be able to ensure compliance.
Additionally, management believed the level of eligibility determination review Commission staff performed was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without adequate internal controls, the Commission is at risk of not meeting the earmarking requirements when the award closes if budget allocations change or the award is not fully expended.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure that it tracks and meets the earmarking requirements
• Improve internal controls to ensure eligibility determinations are made properly
Commission’s Response
The Commission concurs with this finding.
In response to the prior year’s finding, the Commission is implementing a monthly review of drawdown rates to track and meet earmarking requirements relative to expenditure levels. Additionally, the Commission doubled its quality control review, participates in the selection of QC files and conducts an independent of those verified by the contractor to ensure a more representative population. In addition, the Commission immediately implemented an independent review of all payments for eligibility under the HAF Program guidelines. The auditor’s recommendations and the Commission’s implementation began in late FY 24 and was not wholly reflected in this current audit.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund Guidance, states, in part:
Qualified Expenses:
Counseling or educational efforts by housing counseling agencies approved by HUD or a tribal government (including such efforts by in-house housing counselors who are HUD certified or Tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
2024-017 The Housing Finance Commission did not have adequate internal controls over reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-025
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with a contractor to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information:
1. Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60% of funds to homeowners with income less than 100% area median income (AMI) or 100% of U.S. median income.
2. AMI – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100% AMI or less.
The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, the preparer submits the report in the HAF reporting portal without management review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Commission did not have adequate internal controls over and did not comply with reporting requirements. The prior finding number was 2023-025.
Description of Condition
The Commission did not have adequate internal controls over reporting requirements for the HAF program.
The contractor only provided summary-level data to the Commission at the time of reporting. As a result, Commission staff did not have detailed supporting documentation to review to verify that the total amounts in the contractor’s reports were complete and accurate. Additionally, the Commission did not have documented evidence to support that management reviewed the annual report before submission.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Commission did not require the contractor to submit detailed support for the total numbers provided for reporting to ensure all categories were included. Additionally, the Commission did not ensure adequate management review of the report before submission.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
Commission’s Response
The Commission concurs with this finding.
The Commission has implemented a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. The auditor’s recommendations came after the FY 23 Annual Report was filed and will be reflected in the upcoming FY24 Annual Report. The new process has been used in the quarterly reporting.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
(a) The Federal agency must require only OMB-approved government-wide data elements on recipient financial reports. At the time of publication, this consists of the Federal Financial Report (SF-425); however, this also applies to any future OMB-approved government-wide data elements available from the OMB-designated standards lead.
(b) The Federal agency or pass-through entity must collect financial reports no less than annually. The Federal agency or pass-through entity may not collect financial reports more frequently than quarterly unless a specific condition has been implemented in accordance with § 200.208. To the extent practicable, the Federal agency or pass-through entity should collect financial reports in coordination with performance reports.
(c) The recipient or subrecipient must submit financial reports as required by the Federal award. Reports submitted annually by the recipient or subrecipient must be due no later than 90 calendar days after the reporting period. Reports submitted quarterly or semiannually must be due no later than 30 calendar days after the reporting period.
(d) The final financial report submitted by the recipient must be due no later than 120 calendar days after the conclusion of the period of performance. A subrecipient must submit a final financial report to a pass-through entity no later than 90 calendar days after the conclusion of the period of performance. See also § 200.344. The Federal agency or pass-through entity may extend the due date for any financial report with justification from the recipient or subrecipient.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan.
Performance Goals
HAF participants initially submitted performance goals on the use of HAF awarded funds in their approved Grantee Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their Grantee Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their Grantee Plan nor add additional performance goals in the Annual Report.
Methods for Targeting and HAF Funding
HAF participants were asked in their original Grantee Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original Grantee Plan.
2024-018 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner
Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-024
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission is required to submit quarterly financial reports that have information on the cumulative obligations and expenditures to date. These reports are due 45 days after the end of each quarter. The federal grantor specified there were two key lines items on the report that contained critical information:
1. Administrative Expenses – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 15% for admin expenses.
2. Services, Counseling & Education – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 5% for legal services, counseling and education.
The HAF Plan, approved by the federal grantor, outlines the budget allocation of administrative, services, counseling and education expenditures. Administrative expenses are subcategorized by 10 program design elements, and counseling and education expenses are subcategorized by two program design elements. The Commission is required to report expenditure and obligation data on each program design element. The Commission uses these allocations to contract required services. Commission staff maintain a tracking spreadsheet for HAF obligations and payments made to contractors. For the 2023 quarter three report, Commission staff use data from this spreadsheet to fill out the quarterly reporting template. For the 2023 quarter four report and subsequent reports, the Commission used this spreadsheet to report obligations and then used accounting data for expenditures. Once completed, the Commission submits the report in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program. The prior finding number was 2023-024.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The spreadsheets used to track obligation and expenditure data for the 2023 Q3 report was not accurate and complete. We determined staff were reporting expenditures that had not been paid in the expenditure category instead of as obligations. We also determined staff made errors when recording the obligation amounts. These errors included not properly realizing all the expenditures in the accounting system, not realizing all administrative obligations and including obligations that were not supported. Starting with the 2023 Q4 report and the subsequent reports, the Commission used accounting data when reporting on expenditures.
We examined all four quarterly reports and all four reports that we examined had errors, as summarized below.
In the 2023 Q3 report we noted:
• For key line item one, nine out of 16 sections had errors.
o The range of these discrepancies for obligations was between $393,154 underreported to $1,120,000 overreported. The variances of these discrepancies ranged from -100% to 127.27%.
o The range of these discrepancies for expenditures was between $394,154 underreported to $246,382 overreported. The variances of these discrepancies ranged from -100% to 13.44%.
• For key line item two, two out of four sections had errors.
o The one discrepancy for obligations was $911,060 overreported. This is a variance of 20.25%.
o The one discrepancy for expenditures was $272,800 underreported. This is a variance of -10.06%.
In the 2023 Q4 report we noted:
• For key line item one, one out of 16 sections had errors.
o The one discrepancy for obligations was $1,120,000 overreported. This is a variance of 127.27%.
• For key line item two, one out of four sections had errors.
o The one discrepancy for obligations was $1,239,000 underreported. This is a variance of -27.53%.
In the 2024 Q1 report we noted:
• For key line item one, two out of 16 sections had errors.
o The one discrepancy for obligations was $72,675 overreported. This is a variance of 6.39%.
o The one discrepancy for expenditures was $135,223 underreported. This is a variance of -12.09%.
• For key line item two, one out of four sections had errors.
o The one discrepancy for obligations was $807,986 overreported. This is a variance of 17.96%.
In the 2024 Q2 report we noted:
• For key line item one, one out of 16 sections had errors.
o The one discrepancy for obligations was $322,758 overreported. This is a variance of 28.36%.
• For key line item two, one out of four sections had errors.
o The one discrepancy for obligations was $807,986 overreported. This is a variance of 17.96%.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The reports are mainly comprised of obligations recorded through contracts and financial information recorded in the Commissions accounting system. The 2023 Q3 report did not rely on this data when reporting on expenditures and obligations. Commission officials said there was a lack of coordination between program and finance staff in compiling this report to ensure the correct data was used. Furthermore, the Commission did not require management to review the reports and their supporting documentation before submitting them to the grantor.
Beginning with the 2023 Q4 report, the Commission changed its process to rely on the correct data and implemented a second review. However, there was an error in the calculation for the obligation amounts that the Commission staff said they corrected starting with the 2024 Q3 report. Additionally, for the one expenditure discrepancy, staff did not update the amount from the prior quarterly report. While the Commission implemented a second review, it was not performed effectively to identify these errors.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the supporting documentation to ensure the correct source data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will strengthen its system of controls and review processes to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
The following programmatic information will be required in Quarterly Reports.
f. Program(s) Information- HAF participants will provide information on all HAF programs. Programs are new or existing eligible government services or investments funded in whole or in part by HAF funding. For each program, the HAF participant will be required to enter the following information:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
g. Expenditures- HAF participants are required to report the HAF assistance expended or spent by the HAF participant. HAF participants will be asked to report expenditures on a cumulative basis at the following levels: the participant-level, program-level, and program design element-level. At the participant-level, HAF participants will be asked to disaggregate expenditures or amounts expended by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Expenditures broken out by Program Design Element.
h. Obligations- HAF participants are required to report the HAF assistance obligated. HAF participants will be asked to report obligations on a cumulative basis at the participant level, program-level, and program design element-level. HAF participants will be asked to disaggregate participant-level obligations by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Obligations broken out by Program Design Element.
i. Program Design Elements Covered- HAF participants will report on each of their HAF term sheets identified programs and their respective program design elements. HAF participants that provide funding for housing counseling and legal services will also report in this section. HAF participants will create a new line item for each program design element and tie the program design element to a specific program. Please reference Appendix 3 for Program Design Element categories and descriptions. HAF participants will be expected to report the following for each specific program design element within a program:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
• Number of Homeowners Assisted Cumulative to Calendar Quarter end date; and,
• Number of SDIs Assisted Cumulative to Calendar Quarter end date.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-026 The Workforce Training and Education Coordinating Board did not have adequate internal controls over matching requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching
Known Questioned Cost Amount: None
Prior Year Audit Finding: None
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Matching requirements for the grant require the state to match, from nonfederal sources and on a dollar-for-dollar basis, the funds reserved for the administration of the plan. The matching requirement may be applied overall, rather than line-by-line, to state administrative expenditures.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls over matching requirements for the Perkins V program.
The Board obtains information as part of its annual report from OSPI and SBCTC along with a certification showing the amount of state funds that are being used to match the federal administrative expenditures required by the grant. The Board did not have documentation to show the certification was received from OSPI. We also identified a lack of sufficient detail on the individual reimbursement requests and the certification. Without reviewing any of the supporting documentation for the state matching funds from other entities, the Board cannot determine the amount of state funds being used to match is supported and was for allowable purposes.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While the Workforce Board established internal controls, they were insufficiently designed and did not operate effectively to ensure compliance with matching requirements.
Effect of Condition
Without establishing adequate internal controls and obtaining a sufficient level of supporting accounting detail, the Board cannot reasonably ensure it and its partnered state agencies have met matching requirements.
Recommendation
We recommend the Workforce Board:
• Establish and document internal controls sufficient to prevent and detect noncompliance with matching requirements.
• Obtain support sufficient to adequately ensure matching requirements are met.
Board’s Response
We appreciate the State Auditor’s Office audit of the matching requirement for the Perkins V program. The Workforce Training and Education Coordinating Board (Workforce Board) is committed to ensuring that our programs comply with all federal regulations. While the Workforce Board partially concurs with the Auditor's findings, we want to highlight that we have established controls to ensure the state administration match requirement is met.
During the period audited, there was turnover within both the Office of Superintendent of Public Instruction (OSPI) and the Workforce Board, which may have contributed to challenges in fulfilling certain requirements. However, the Workforce Board does have a contract with OSPI that specifies a Certification is required, and we did receive the Certification for the current year. Additionally, we have communicated with our subrecipients that certifications are required.
We have since worked closely with the new fiscal staff at OSPI, and they are now providing additional support for each quarterly billing, as reflected in their accounting records. Furthermore, the Workforce Board has incorporated a monitoring section into the new contracts to enhance oversight and ensure compliance moving forward.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states, in part:
(b)Matching requirement
Each eligible agency receiving funds made available under subsection (a)(3) shall match, from non-Federal sources and on a dollar-for-dollar basis, the funds received under subsection (a)(3).
2024-027 Workforce Training and Education Coordinating Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Level of effort requirements for the grant require the state to maintain its fiscal efforts from state sources each year when compared with such efforts from the preceding year. Similarly, the state shall provide from state sources for administration of Perkins V, an amount that is not less than the state sourced amounts provided for administrative costs in the preceding fiscal year. Lastly, the state and its subrecipients may use funds for career and technical education activities that supplement, and not supplant, non-federal funds expended to carry out career and technical education activities.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Perkins V program.
The Workforce Board reviews state funding efforts for the program during its preparation of their annual report. However, the Workforce Board did not implement sufficient preventative controls to effectively monitor the level of effort requirements on a more continuous basis.
During the audit, we were unable to identify controls that would prevent or detect non-compliance with the requirement that federal funds must be used to supplement, not supplant, non-federal funds specific to the level of effort requirement.
As such, we determined internal controls were inadequate to prevent or detect non-compliance with federal requirements for level of effort.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Workforce Board did not establish sufficient internal controls that were designed to ensure compliance with the level of effort requirements.
Effect of Condition
Without establishing adequate internal controls, the Workforce Board cannot reasonably ensure it and its partnered state agencies have met level of effort requirements.
Recommendation
We recommend the Workforce Board establish and document internal controls sufficient to prevent and detect noncompliance with the level of effort requirements.
Board’s Response
Thank you for providing the Workforce Training and Education Coordinating Board (Workforce Board) with the opportunity to review and respond to the State Auditor’s Office (SAO) audit report on the level of effort. The Workforce Board fully acknowledges the significance and priority of maintaining strong internal controls over the analysis and certification of level of effort, ensuring that this process is completed in a timely manner and allowing sufficient time for any necessary corrective actions.
In collaboration with the State Board for Community and Technical Colleges (SBCTC) and the Office of Superintendent of Public Instruction (OSPI), the Workforce Board is committed to identifying and analyzing options for incorporating semi-annual reviews of the level of effort / maintenance of effort (MOE) funds. These efforts will help enhance transparency and improve the accuracy of reporting.
The SBCTC already provides level of effort documentation on a semi-annual basis. The Workforce Board will use this document as a template to establish agency guidelines related to MOE. The agency will require the collection of MOE data and certification from its subaward recipients on a semi-annual basis. This approach will help ensure consistent compliance with all applicable requirements and reinforce our commitment to continuous improvement in managing and overseeing MOE funds.
We appreciate the recommendations from the SAO and look forward to working collaboratively with SBCTC and OSPI to enhance our internal processes and controls.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states:
(a) Supplement not supplant
Funds made available under this chapter for career and technical education activities shall supplement, and shall not supplant, non-Federal funds expended to carry out career and technical education activities.
(b) Maintenance of effort
(1) Determination
(A) In general
Except as provided in subparagraph (B), (C), or (D), in order for a State to receive its full allotment of funds under this chapter for any fiscal year, the Secretary must find that the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year was not less than the fiscal effort per student, or the aggregate expenditures of such State, for the second preceding fiscal year.
(B) Computation
In computing the fiscal effort or aggregate expenditures pursuant to subparagraph (A), the Secretary shall, at the request of the State, exclude competitive or incentive-based programs established by the State, capital expenditures, special one-time project costs, and the cost of pilot programs.
(C) Decrease in Federal support
If the amount made available for career and technical education programs under this chapter for a fiscal year is less than the amount made available for career and technical education programs under this chapter for the preceding fiscal year, then the fiscal effort per student or the aggregate expenditures of a State required by subparagraph (A) for the preceding fiscal year shall be decreased by the same percentage as the percentage decrease in the amount so made available.
(D) Establishing the state baseline
For purposes of applying subparagraph (A) for years which require the calculation of the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for the first full fiscal year following July 31, 2018, the State may determine the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for such first full fiscal year by-
(i) continuing to use the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, as was in effect on the day before July 31, 2018; or
(ii) establishing a new level of fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, which is not less than 95 percent of the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year.
(2) Failure to meet
(A) In general
The Secretary shall reduce the amount of a State's allotment of funds under this chapter for any fiscal year in the exact proportion by which the State fails to meet the requirement of paragraph (1) by falling below the State's fiscal effort per student or the State's aggregate expenditures (using the measure most favorable to the State), if the State failed to meet such requirement (as determined using the measure most favorable to the State) for 1 or more of the 5 immediately preceding fiscal years.
(B) Special rule
No such lesser amount shall be used for computing the effort required under paragraph (1) for subsequent years.
(3) Waiver
The Secretary may waive paragraph (2) due to exceptional or uncontrollable circumstances affecting the ability of the State to meet the requirement of paragraph (1) such as a natural disaster or an unforeseen and precipitous decline in financial resources. No level of funding permitted under such a waiver may be used as the basis for computing the fiscal effort or aggregate expenditures required under this section for years subsequent to the year covered by such waiver. The fiscal effort or aggregate expenditures for the subsequent years shall be computed on the basis of the level of funding that would, but for such waiver, have been required.
2024-026 The Workforce Training and Education Coordinating Board did not have adequate internal controls over matching requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching
Known Questioned Cost Amount: None
Prior Year Audit Finding: None
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Matching requirements for the grant require the state to match, from nonfederal sources and on a dollar-for-dollar basis, the funds reserved for the administration of the plan. The matching requirement may be applied overall, rather than line-by-line, to state administrative expenditures.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls over matching requirements for the Perkins V program.
The Board obtains information as part of its annual report from OSPI and SBCTC along with a certification showing the amount of state funds that are being used to match the federal administrative expenditures required by the grant. The Board did not have documentation to show the certification was received from OSPI. We also identified a lack of sufficient detail on the individual reimbursement requests and the certification. Without reviewing any of the supporting documentation for the state matching funds from other entities, the Board cannot determine the amount of state funds being used to match is supported and was for allowable purposes.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While the Workforce Board established internal controls, they were insufficiently designed and did not operate effectively to ensure compliance with matching requirements.
Effect of Condition
Without establishing adequate internal controls and obtaining a sufficient level of supporting accounting detail, the Board cannot reasonably ensure it and its partnered state agencies have met matching requirements.
Recommendation
We recommend the Workforce Board:
• Establish and document internal controls sufficient to prevent and detect noncompliance with matching requirements.
• Obtain support sufficient to adequately ensure matching requirements are met.
Board’s Response
We appreciate the State Auditor’s Office audit of the matching requirement for the Perkins V program. The Workforce Training and Education Coordinating Board (Workforce Board) is committed to ensuring that our programs comply with all federal regulations. While the Workforce Board partially concurs with the Auditor's findings, we want to highlight that we have established controls to ensure the state administration match requirement is met.
During the period audited, there was turnover within both the Office of Superintendent of Public Instruction (OSPI) and the Workforce Board, which may have contributed to challenges in fulfilling certain requirements. However, the Workforce Board does have a contract with OSPI that specifies a Certification is required, and we did receive the Certification for the current year. Additionally, we have communicated with our subrecipients that certifications are required.
We have since worked closely with the new fiscal staff at OSPI, and they are now providing additional support for each quarterly billing, as reflected in their accounting records. Furthermore, the Workforce Board has incorporated a monitoring section into the new contracts to enhance oversight and ensure compliance moving forward.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states, in part:
(b)Matching requirement
Each eligible agency receiving funds made available under subsection (a)(3) shall match, from non-Federal sources and on a dollar-for-dollar basis, the funds received under subsection (a)(3).
2024-027 Workforce Training and Education Coordinating Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Level of effort requirements for the grant require the state to maintain its fiscal efforts from state sources each year when compared with such efforts from the preceding year. Similarly, the state shall provide from state sources for administration of Perkins V, an amount that is not less than the state sourced amounts provided for administrative costs in the preceding fiscal year. Lastly, the state and its subrecipients may use funds for career and technical education activities that supplement, and not supplant, non-federal funds expended to carry out career and technical education activities.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Perkins V program.
The Workforce Board reviews state funding efforts for the program during its preparation of their annual report. However, the Workforce Board did not implement sufficient preventative controls to effectively monitor the level of effort requirements on a more continuous basis.
During the audit, we were unable to identify controls that would prevent or detect non-compliance with the requirement that federal funds must be used to supplement, not supplant, non-federal funds specific to the level of effort requirement.
As such, we determined internal controls were inadequate to prevent or detect non-compliance with federal requirements for level of effort.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Workforce Board did not establish sufficient internal controls that were designed to ensure compliance with the level of effort requirements.
Effect of Condition
Without establishing adequate internal controls, the Workforce Board cannot reasonably ensure it and its partnered state agencies have met level of effort requirements.
Recommendation
We recommend the Workforce Board establish and document internal controls sufficient to prevent and detect noncompliance with the level of effort requirements.
Board’s Response
Thank you for providing the Workforce Training and Education Coordinating Board (Workforce Board) with the opportunity to review and respond to the State Auditor’s Office (SAO) audit report on the level of effort. The Workforce Board fully acknowledges the significance and priority of maintaining strong internal controls over the analysis and certification of level of effort, ensuring that this process is completed in a timely manner and allowing sufficient time for any necessary corrective actions.
In collaboration with the State Board for Community and Technical Colleges (SBCTC) and the Office of Superintendent of Public Instruction (OSPI), the Workforce Board is committed to identifying and analyzing options for incorporating semi-annual reviews of the level of effort / maintenance of effort (MOE) funds. These efforts will help enhance transparency and improve the accuracy of reporting.
The SBCTC already provides level of effort documentation on a semi-annual basis. The Workforce Board will use this document as a template to establish agency guidelines related to MOE. The agency will require the collection of MOE data and certification from its subaward recipients on a semi-annual basis. This approach will help ensure consistent compliance with all applicable requirements and reinforce our commitment to continuous improvement in managing and overseeing MOE funds.
We appreciate the recommendations from the SAO and look forward to working collaboratively with SBCTC and OSPI to enhance our internal processes and controls.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states:
(a) Supplement not supplant
Funds made available under this chapter for career and technical education activities shall supplement, and shall not supplant, non-Federal funds expended to carry out career and technical education activities.
(b) Maintenance of effort
(1) Determination
(A) In general
Except as provided in subparagraph (B), (C), or (D), in order for a State to receive its full allotment of funds under this chapter for any fiscal year, the Secretary must find that the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year was not less than the fiscal effort per student, or the aggregate expenditures of such State, for the second preceding fiscal year.
(B) Computation
In computing the fiscal effort or aggregate expenditures pursuant to subparagraph (A), the Secretary shall, at the request of the State, exclude competitive or incentive-based programs established by the State, capital expenditures, special one-time project costs, and the cost of pilot programs.
(C) Decrease in Federal support
If the amount made available for career and technical education programs under this chapter for a fiscal year is less than the amount made available for career and technical education programs under this chapter for the preceding fiscal year, then the fiscal effort per student or the aggregate expenditures of a State required by subparagraph (A) for the preceding fiscal year shall be decreased by the same percentage as the percentage decrease in the amount so made available.
(D) Establishing the state baseline
For purposes of applying subparagraph (A) for years which require the calculation of the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for the first full fiscal year following July 31, 2018, the State may determine the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for such first full fiscal year by-
(i) continuing to use the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, as was in effect on the day before July 31, 2018; or
(ii) establishing a new level of fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, which is not less than 95 percent of the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year.
(2) Failure to meet
(A) In general
The Secretary shall reduce the amount of a State's allotment of funds under this chapter for any fiscal year in the exact proportion by which the State fails to meet the requirement of paragraph (1) by falling below the State's fiscal effort per student or the State's aggregate expenditures (using the measure most favorable to the State), if the State failed to meet such requirement (as determined using the measure most favorable to the State) for 1 or more of the 5 immediately preceding fiscal years.
(B) Special rule
No such lesser amount shall be used for computing the effort required under paragraph (1) for subsequent years.
(3) Waiver
The Secretary may waive paragraph (2) due to exceptional or uncontrollable circumstances affecting the ability of the State to meet the requirement of paragraph (1) such as a natural disaster or an unforeseen and precipitous decline in financial resources. No level of funding permitted under such a waiver may be used as the basis for computing the fiscal effort or aggregate expenditures required under this section for years subsequent to the year covered by such waiver. The fiscal effort or aggregate expenditures for the subsequent years shall be computed on the basis of the level of funding that would, but for such waiver, have been required.
2024-026 The Workforce Training and Education Coordinating Board did not have adequate internal controls over matching requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching
Known Questioned Cost Amount: None
Prior Year Audit Finding: None
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Matching requirements for the grant require the state to match, from nonfederal sources and on a dollar-for-dollar basis, the funds reserved for the administration of the plan. The matching requirement may be applied overall, rather than line-by-line, to state administrative expenditures.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls over matching requirements for the Perkins V program.
The Board obtains information as part of its annual report from OSPI and SBCTC along with a certification showing the amount of state funds that are being used to match the federal administrative expenditures required by the grant. The Board did not have documentation to show the certification was received from OSPI. We also identified a lack of sufficient detail on the individual reimbursement requests and the certification. Without reviewing any of the supporting documentation for the state matching funds from other entities, the Board cannot determine the amount of state funds being used to match is supported and was for allowable purposes.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While the Workforce Board established internal controls, they were insufficiently designed and did not operate effectively to ensure compliance with matching requirements.
Effect of Condition
Without establishing adequate internal controls and obtaining a sufficient level of supporting accounting detail, the Board cannot reasonably ensure it and its partnered state agencies have met matching requirements.
Recommendation
We recommend the Workforce Board:
• Establish and document internal controls sufficient to prevent and detect noncompliance with matching requirements.
• Obtain support sufficient to adequately ensure matching requirements are met.
Board’s Response
We appreciate the State Auditor’s Office audit of the matching requirement for the Perkins V program. The Workforce Training and Education Coordinating Board (Workforce Board) is committed to ensuring that our programs comply with all federal regulations. While the Workforce Board partially concurs with the Auditor's findings, we want to highlight that we have established controls to ensure the state administration match requirement is met.
During the period audited, there was turnover within both the Office of Superintendent of Public Instruction (OSPI) and the Workforce Board, which may have contributed to challenges in fulfilling certain requirements. However, the Workforce Board does have a contract with OSPI that specifies a Certification is required, and we did receive the Certification for the current year. Additionally, we have communicated with our subrecipients that certifications are required.
We have since worked closely with the new fiscal staff at OSPI, and they are now providing additional support for each quarterly billing, as reflected in their accounting records. Furthermore, the Workforce Board has incorporated a monitoring section into the new contracts to enhance oversight and ensure compliance moving forward.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states, in part:
(b)Matching requirement
Each eligible agency receiving funds made available under subsection (a)(3) shall match, from non-Federal sources and on a dollar-for-dollar basis, the funds received under subsection (a)(3).
2024-027 Workforce Training and Education Coordinating Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Level of effort requirements for the grant require the state to maintain its fiscal efforts from state sources each year when compared with such efforts from the preceding year. Similarly, the state shall provide from state sources for administration of Perkins V, an amount that is not less than the state sourced amounts provided for administrative costs in the preceding fiscal year. Lastly, the state and its subrecipients may use funds for career and technical education activities that supplement, and not supplant, non-federal funds expended to carry out career and technical education activities.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Perkins V program.
The Workforce Board reviews state funding efforts for the program during its preparation of their annual report. However, the Workforce Board did not implement sufficient preventative controls to effectively monitor the level of effort requirements on a more continuous basis.
During the audit, we were unable to identify controls that would prevent or detect non-compliance with the requirement that federal funds must be used to supplement, not supplant, non-federal funds specific to the level of effort requirement.
As such, we determined internal controls were inadequate to prevent or detect non-compliance with federal requirements for level of effort.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Workforce Board did not establish sufficient internal controls that were designed to ensure compliance with the level of effort requirements.
Effect of Condition
Without establishing adequate internal controls, the Workforce Board cannot reasonably ensure it and its partnered state agencies have met level of effort requirements.
Recommendation
We recommend the Workforce Board establish and document internal controls sufficient to prevent and detect noncompliance with the level of effort requirements.
Board’s Response
Thank you for providing the Workforce Training and Education Coordinating Board (Workforce Board) with the opportunity to review and respond to the State Auditor’s Office (SAO) audit report on the level of effort. The Workforce Board fully acknowledges the significance and priority of maintaining strong internal controls over the analysis and certification of level of effort, ensuring that this process is completed in a timely manner and allowing sufficient time for any necessary corrective actions.
In collaboration with the State Board for Community and Technical Colleges (SBCTC) and the Office of Superintendent of Public Instruction (OSPI), the Workforce Board is committed to identifying and analyzing options for incorporating semi-annual reviews of the level of effort / maintenance of effort (MOE) funds. These efforts will help enhance transparency and improve the accuracy of reporting.
The SBCTC already provides level of effort documentation on a semi-annual basis. The Workforce Board will use this document as a template to establish agency guidelines related to MOE. The agency will require the collection of MOE data and certification from its subaward recipients on a semi-annual basis. This approach will help ensure consistent compliance with all applicable requirements and reinforce our commitment to continuous improvement in managing and overseeing MOE funds.
We appreciate the recommendations from the SAO and look forward to working collaboratively with SBCTC and OSPI to enhance our internal processes and controls.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states:
(a) Supplement not supplant
Funds made available under this chapter for career and technical education activities shall supplement, and shall not supplant, non-Federal funds expended to carry out career and technical education activities.
(b) Maintenance of effort
(1) Determination
(A) In general
Except as provided in subparagraph (B), (C), or (D), in order for a State to receive its full allotment of funds under this chapter for any fiscal year, the Secretary must find that the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year was not less than the fiscal effort per student, or the aggregate expenditures of such State, for the second preceding fiscal year.
(B) Computation
In computing the fiscal effort or aggregate expenditures pursuant to subparagraph (A), the Secretary shall, at the request of the State, exclude competitive or incentive-based programs established by the State, capital expenditures, special one-time project costs, and the cost of pilot programs.
(C) Decrease in Federal support
If the amount made available for career and technical education programs under this chapter for a fiscal year is less than the amount made available for career and technical education programs under this chapter for the preceding fiscal year, then the fiscal effort per student or the aggregate expenditures of a State required by subparagraph (A) for the preceding fiscal year shall be decreased by the same percentage as the percentage decrease in the amount so made available.
(D) Establishing the state baseline
For purposes of applying subparagraph (A) for years which require the calculation of the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for the first full fiscal year following July 31, 2018, the State may determine the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for such first full fiscal year by-
(i) continuing to use the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, as was in effect on the day before July 31, 2018; or
(ii) establishing a new level of fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, which is not less than 95 percent of the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year.
(2) Failure to meet
(A) In general
The Secretary shall reduce the amount of a State's allotment of funds under this chapter for any fiscal year in the exact proportion by which the State fails to meet the requirement of paragraph (1) by falling below the State's fiscal effort per student or the State's aggregate expenditures (using the measure most favorable to the State), if the State failed to meet such requirement (as determined using the measure most favorable to the State) for 1 or more of the 5 immediately preceding fiscal years.
(B) Special rule
No such lesser amount shall be used for computing the effort required under paragraph (1) for subsequent years.
(3) Waiver
The Secretary may waive paragraph (2) due to exceptional or uncontrollable circumstances affecting the ability of the State to meet the requirement of paragraph (1) such as a natural disaster or an unforeseen and precipitous decline in financial resources. No level of funding permitted under such a waiver may be used as the basis for computing the fiscal effort or aggregate expenditures required under this section for years subsequent to the year covered by such waiver. The fiscal effort or aggregate expenditures for the subsequent years shall be computed on the basis of the level of funding that would, but for such waiver, have been required.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-032 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06; 6 NH23IP922619-04-01; 5 NH23IP922619-05-00; 6 NH23IP922619-05-01; 6 NH23IP922619-05-02; 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $464,473
Prior Year Audit Finding: Yes, Finding 2023-044
Background
The Department of Health administers the Immunization Cooperative Agreements program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding numbers were 2022-031 and 2023-044.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether program staff had reviewed and approved these expenditures.
We used a statistical sampling method to randomly select and examine 64 out of 483 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $550,065 each. In total, we examined more than $7.8 million in provider payments as part of the audit. Of the 64 payments examined, we identified seven payments (11%) and three individually significant payments that did not have the required supporting documentation for the subrecipients’ assigned risk level. In addition to not having adequate supporting documentation, of the seven payments randomly selected:
• Two (3%) subrecipient payments utilized a higher indirect rate than the approved rate and the error was not identified at the time of approval
• One (2%) incorrectly charged $25,954 in expenditures for another federal program
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures and fiscal management did not ensure staff properly charged the program.
The Department also did not ensure it maintained access to the documents reviewed during the audit period.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The 10 payments for which the Department did not have adequate supporting documentation from subrecipients totaled $464,473 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $465,976.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by Title 45 CFR Part 75, section 516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Ensure that it retains documentation reviewed and approved for payment for audit review
• Improve internal controls to ensure program staff review, approve and communicate approval expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Ensure fiscal staff charge the correct federal programs
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve payment with the use of an incorrect indirect rate that was applied to a payment. This was identified as an error through the department’s internal controls during the audit period and that overpayment was corrected. The department stands that this should not have been an exception. The department maintains that its internal policies are held to a higher standard than federal requirements, and the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance at the time of review. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs
45 CFR Part 75, section 410, Collection of Unallowable Costs
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example: Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Benefits $1,750.35
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Note: Salaries and benefits must be broken out as separate line items.
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Copies of invoices for transactions over
$2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report.
Copies of invoices for transactions over
$1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting
documentation.
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Outreach Materials- All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Pre-approval required for all outreach materials in excess of
$2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of
$1,000:
AND
• Sample of Outreach materials
Travel A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts (If the DOH subrecipient is
contracting out with an agency to perform work charged to the grant) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over
$5,000 with a detailed GL report.
• A copy of all invoices over
$1,000 with a detailed GL report.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification.
2024-033 The Department of Health did not have adequate internal controls over cash management and reporting requirements for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
Immunization is not subject to the Cash Management Improvement Act and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department has federal revenue bimonthly draw procedures to request reimbursements in line with the Department’s payroll pay dates.
In addition, the Department is required to submit an annual SF-425 financial report for each open grant. This report contains information on revenue as well as direct and indirect expenditures for each open award.
The Department maintains the Grant Management System (GMS) that is used agency-wide to calculate cash draw amounts and pull financial data needed to complete the SF-425. The Department uses this system as one of its tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. Also, indirect expenditures are calculated through the Cost Allocation System (CAS) that the Department maintains. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw and SF-425 report. This report includes calculations for the cash draw amount performed by GMS using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and reporting requirements for the Immunization program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-036.
Due to the issues noted above, we determined that the GMS Grant Draw Report used to complete the SF-425 is not adequately supported. Therefore, we reviewed the data directly from the accounting system and the cost allocation system as support for amounts reported on the SF-425. We examined five of the 10 reports submitted during the fiscal year and did not identify any discrepancies.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws and SF-425 reporting is accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition
By not implementing adequate internal controls, the Department risks reporting inaccurate information on its SF-425 reports, overdrawing federal revenue and having to repay the grantor.
Recommendations
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the accuracy of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and reporting requirements for the Immunization program, we partially agree with SAO’s assessment of a material weakness in internal controls over the cash management and reporting process.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
A state must minimize the time between the Drawdown of Federal Funds from the Federal government and their disbursement for Federal Program Purposes. A federal Program Agency must limit a fund transfer to a State to the minimum amount needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a federal assistance program or project. The timing and amount of funds transfers must be close as is administratively feasible to a State’s actual cash outlay for direct program costs and proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102 (For availability, see 5 CFR 1310.3)
CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part:
Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-034 The Department of Health did not have adequate internal controls to ensure it filed on-time reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-045
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower those with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
When the Department makes a new subaward or amendment, staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 16 subawards and amendments in fiscal year 2024, totaling $1,316,302.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding numbers were 2023-045 and 2022-032.
Description of Condition
The Department did not have adequate internal controls to ensure it filed on-time reports required by the Act for the Immunization program.
During the audit period, the Department’s process for filing FFATA reports started with a Fiscal Analyst maintaining a spreadsheet throughout the month with the subaward information required for reporting. Management reviewed the spreadsheet and asked the Fiscal Analyst to approve the submission of the report. We used a nonstatistical sampling method to randomly select and examine management approvals for five of the 12 spreadsheets that corresponded with each month in the state fiscal year. We found that two of the five months (40%) did not have management approval.
We used a nonstatistical sampling method to randomly select and examine nine out of the 16 total subawards and amendments the Department was required to report during the state fiscal year. We found that the Department reported four of the six subawards and amendments (67%) late.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not retain documentation to support management review and approval of the monthly FFATA worksheets. Additionally, Department management asserted the late submission of the report for the four subawards was because the contract account coding for the Department’s accounting system was not created at the time of the contract execution. The Department’s process requires this coding to identify reportable information such as the grant Federal Award Identification Number. As soon as the coding information is updated, staff can then submit the items to FSRS.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and on-time reports. Further, failing to submit reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the federal award’s terms and conditions allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Ensure it documents management reviews in writing and retains them for audit review
• Review its FFATA reporting procedure to ensure it submits reports on time
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure timely review and submission of the FFATA reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a) Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-035 The Department of Health did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Cooperative Agreements Program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Known Questioned Cost Amount: Special Tests and Provisions – Control, Accountability, and Safeguarding of Vaccines
Special Tests and Provisions – Record of Immunization
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children (VFC) program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Department works with providers that administer vaccines to eligible children. The Department is required to ensure providers comply with the requirements of the VFC program. This includes ensuring vaccines are adequately safeguarded, used solely for authorized purposes and are only administered to VFC program-eligible children.
The U.S. Centers for Disease Control and Prevention requires the Department to conduct site visits of each provider once every 24 months. Additionally, the Department reviews monthly reports for vaccine doses administered outside the age range (DOAR), vaccine storage temperature logs and inventory reconciliation reports before approving vaccine orders to ensure providers are compliant with these VFC requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
On-site Visits
We used a nonstatistical sampling method to randomly select 56 providers that received a site visit out of the total 502 provider visits completed during the state fiscal year. We found that the Department conducted two (3.6%) provider site visits about two months after the 24-month period.
Ongoing Monitoring
The Department uses a tracking spreadsheet to document the review of the DOAR report, temperature logs and inventory reconciliation report along with any necessary follow-up with providers before approving vaccine orders. We used a statistical sampling method and randomly selected 57 providers out of a total of 570 and examined the review of the submitted reports. We found the Department did not review the DOAR report for two providers (3.5%) and did not track subsequent follow-up on corrective measures in the spreadsheet. Further, we found four providers (7%) had issues on its DOAR report, but the Department approved vaccine orders without receiving the provider’s questionnaire to address the deficiency noted in the report. We did not identify any issues for the temperature logs or the inventory reconciliation reports.
We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said excessive staff workload and providers’ requests to delay visits resulted in the Department not completing on-site visits within the required 24 months.
Department management said that inadequate ongoing monitoring of the reports was due to staff oversight.
Effect of Condition
Without conducting on-site visits every 24 months and without adequate review of the DOAR report and the questionnaire response, the Department risks approving vaccine orders for providers that may not be compliant with VFC program requirements.
By not ensuring it completes on-site visits every 24 months and properly performs reviews of reports, the Department could be subject to sanctions by the grantor.
Recommendations
We recommend the Department ensure:
• That it conducts compliance visits every 24 months
• That it adequately reviews the DOAR report and completes follow-up procedures according to internal policies and procedures
Authority’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department has already taken steps to evaluate current processes to ensure providers maintain immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Center for Disease Control and Prevention Vaccines for Children Operations Guide, Page 57 states in part:
Requirement: Awardees must conduct and record VFC compliance site visits, covering areas of provider details, eligibility, documentation, storage and handling (per unit and sitewide), and inventory management with each VFC provider every 24 months.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-032 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06; 6 NH23IP922619-04-01; 5 NH23IP922619-05-00; 6 NH23IP922619-05-01; 6 NH23IP922619-05-02; 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $464,473
Prior Year Audit Finding: Yes, Finding 2023-044
Background
The Department of Health administers the Immunization Cooperative Agreements program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding numbers were 2022-031 and 2023-044.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether program staff had reviewed and approved these expenditures.
We used a statistical sampling method to randomly select and examine 64 out of 483 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $550,065 each. In total, we examined more than $7.8 million in provider payments as part of the audit. Of the 64 payments examined, we identified seven payments (11%) and three individually significant payments that did not have the required supporting documentation for the subrecipients’ assigned risk level. In addition to not having adequate supporting documentation, of the seven payments randomly selected:
• Two (3%) subrecipient payments utilized a higher indirect rate than the approved rate and the error was not identified at the time of approval
• One (2%) incorrectly charged $25,954 in expenditures for another federal program
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures and fiscal management did not ensure staff properly charged the program.
The Department also did not ensure it maintained access to the documents reviewed during the audit period.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The 10 payments for which the Department did not have adequate supporting documentation from subrecipients totaled $464,473 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $465,976.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by Title 45 CFR Part 75, section 516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Ensure that it retains documentation reviewed and approved for payment for audit review
• Improve internal controls to ensure program staff review, approve and communicate approval expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Ensure fiscal staff charge the correct federal programs
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve payment with the use of an incorrect indirect rate that was applied to a payment. This was identified as an error through the department’s internal controls during the audit period and that overpayment was corrected. The department stands that this should not have been an exception. The department maintains that its internal policies are held to a higher standard than federal requirements, and the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance at the time of review. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs
45 CFR Part 75, section 410, Collection of Unallowable Costs
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example: Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Benefits $1,750.35
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Note: Salaries and benefits must be broken out as separate line items.
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Copies of invoices for transactions over
$2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report.
Copies of invoices for transactions over
$1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting
documentation.
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Outreach Materials- All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Pre-approval required for all outreach materials in excess of
$2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of
$1,000:
AND
• Sample of Outreach materials
Travel A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts (If the DOH subrecipient is
contracting out with an agency to perform work charged to the grant) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over
$5,000 with a detailed GL report.
• A copy of all invoices over
$1,000 with a detailed GL report.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification.
2024-033 The Department of Health did not have adequate internal controls over cash management and reporting requirements for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
Immunization is not subject to the Cash Management Improvement Act and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department has federal revenue bimonthly draw procedures to request reimbursements in line with the Department’s payroll pay dates.
In addition, the Department is required to submit an annual SF-425 financial report for each open grant. This report contains information on revenue as well as direct and indirect expenditures for each open award.
The Department maintains the Grant Management System (GMS) that is used agency-wide to calculate cash draw amounts and pull financial data needed to complete the SF-425. The Department uses this system as one of its tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. Also, indirect expenditures are calculated through the Cost Allocation System (CAS) that the Department maintains. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw and SF-425 report. This report includes calculations for the cash draw amount performed by GMS using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and reporting requirements for the Immunization program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-036.
Due to the issues noted above, we determined that the GMS Grant Draw Report used to complete the SF-425 is not adequately supported. Therefore, we reviewed the data directly from the accounting system and the cost allocation system as support for amounts reported on the SF-425. We examined five of the 10 reports submitted during the fiscal year and did not identify any discrepancies.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws and SF-425 reporting is accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition
By not implementing adequate internal controls, the Department risks reporting inaccurate information on its SF-425 reports, overdrawing federal revenue and having to repay the grantor.
Recommendations
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the accuracy of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and reporting requirements for the Immunization program, we partially agree with SAO’s assessment of a material weakness in internal controls over the cash management and reporting process.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
A state must minimize the time between the Drawdown of Federal Funds from the Federal government and their disbursement for Federal Program Purposes. A federal Program Agency must limit a fund transfer to a State to the minimum amount needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a federal assistance program or project. The timing and amount of funds transfers must be close as is administratively feasible to a State’s actual cash outlay for direct program costs and proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102 (For availability, see 5 CFR 1310.3)
CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part:
Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-034 The Department of Health did not have adequate internal controls to ensure it filed on-time reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-045
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower those with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
When the Department makes a new subaward or amendment, staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 16 subawards and amendments in fiscal year 2024, totaling $1,316,302.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding numbers were 2023-045 and 2022-032.
Description of Condition
The Department did not have adequate internal controls to ensure it filed on-time reports required by the Act for the Immunization program.
During the audit period, the Department’s process for filing FFATA reports started with a Fiscal Analyst maintaining a spreadsheet throughout the month with the subaward information required for reporting. Management reviewed the spreadsheet and asked the Fiscal Analyst to approve the submission of the report. We used a nonstatistical sampling method to randomly select and examine management approvals for five of the 12 spreadsheets that corresponded with each month in the state fiscal year. We found that two of the five months (40%) did not have management approval.
We used a nonstatistical sampling method to randomly select and examine nine out of the 16 total subawards and amendments the Department was required to report during the state fiscal year. We found that the Department reported four of the six subawards and amendments (67%) late.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not retain documentation to support management review and approval of the monthly FFATA worksheets. Additionally, Department management asserted the late submission of the report for the four subawards was because the contract account coding for the Department’s accounting system was not created at the time of the contract execution. The Department’s process requires this coding to identify reportable information such as the grant Federal Award Identification Number. As soon as the coding information is updated, staff can then submit the items to FSRS.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and on-time reports. Further, failing to submit reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the federal award’s terms and conditions allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Ensure it documents management reviews in writing and retains them for audit review
• Review its FFATA reporting procedure to ensure it submits reports on time
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure timely review and submission of the FFATA reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a) Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-035 The Department of Health did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Cooperative Agreements Program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Known Questioned Cost Amount: Special Tests and Provisions – Control, Accountability, and Safeguarding of Vaccines
Special Tests and Provisions – Record of Immunization
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children (VFC) program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Department works with providers that administer vaccines to eligible children. The Department is required to ensure providers comply with the requirements of the VFC program. This includes ensuring vaccines are adequately safeguarded, used solely for authorized purposes and are only administered to VFC program-eligible children.
The U.S. Centers for Disease Control and Prevention requires the Department to conduct site visits of each provider once every 24 months. Additionally, the Department reviews monthly reports for vaccine doses administered outside the age range (DOAR), vaccine storage temperature logs and inventory reconciliation reports before approving vaccine orders to ensure providers are compliant with these VFC requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
On-site Visits
We used a nonstatistical sampling method to randomly select 56 providers that received a site visit out of the total 502 provider visits completed during the state fiscal year. We found that the Department conducted two (3.6%) provider site visits about two months after the 24-month period.
Ongoing Monitoring
The Department uses a tracking spreadsheet to document the review of the DOAR report, temperature logs and inventory reconciliation report along with any necessary follow-up with providers before approving vaccine orders. We used a statistical sampling method and randomly selected 57 providers out of a total of 570 and examined the review of the submitted reports. We found the Department did not review the DOAR report for two providers (3.5%) and did not track subsequent follow-up on corrective measures in the spreadsheet. Further, we found four providers (7%) had issues on its DOAR report, but the Department approved vaccine orders without receiving the provider’s questionnaire to address the deficiency noted in the report. We did not identify any issues for the temperature logs or the inventory reconciliation reports.
We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said excessive staff workload and providers’ requests to delay visits resulted in the Department not completing on-site visits within the required 24 months.
Department management said that inadequate ongoing monitoring of the reports was due to staff oversight.
Effect of Condition
Without conducting on-site visits every 24 months and without adequate review of the DOAR report and the questionnaire response, the Department risks approving vaccine orders for providers that may not be compliant with VFC program requirements.
By not ensuring it completes on-site visits every 24 months and properly performs reviews of reports, the Department could be subject to sanctions by the grantor.
Recommendations
We recommend the Department ensure:
• That it conducts compliance visits every 24 months
• That it adequately reviews the DOAR report and completes follow-up procedures according to internal policies and procedures
Authority’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department has already taken steps to evaluate current processes to ensure providers maintain immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Center for Disease Control and Prevention Vaccines for Children Operations Guide, Page 57 states in part:
Requirement: Awardees must conduct and record VFC compliance site visits, covering areas of provider details, eligibility, documentation, storage and handling (per unit and sitewide), and inventory management with each VFC provider every 24 months.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-032 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06; 6 NH23IP922619-04-01; 5 NH23IP922619-05-00; 6 NH23IP922619-05-01; 6 NH23IP922619-05-02; 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $464,473
Prior Year Audit Finding: Yes, Finding 2023-044
Background
The Department of Health administers the Immunization Cooperative Agreements program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding numbers were 2022-031 and 2023-044.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether program staff had reviewed and approved these expenditures.
We used a statistical sampling method to randomly select and examine 64 out of 483 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $550,065 each. In total, we examined more than $7.8 million in provider payments as part of the audit. Of the 64 payments examined, we identified seven payments (11%) and three individually significant payments that did not have the required supporting documentation for the subrecipients’ assigned risk level. In addition to not having adequate supporting documentation, of the seven payments randomly selected:
• Two (3%) subrecipient payments utilized a higher indirect rate than the approved rate and the error was not identified at the time of approval
• One (2%) incorrectly charged $25,954 in expenditures for another federal program
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures and fiscal management did not ensure staff properly charged the program.
The Department also did not ensure it maintained access to the documents reviewed during the audit period.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The 10 payments for which the Department did not have adequate supporting documentation from subrecipients totaled $464,473 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $465,976.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by Title 45 CFR Part 75, section 516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Ensure that it retains documentation reviewed and approved for payment for audit review
• Improve internal controls to ensure program staff review, approve and communicate approval expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Ensure fiscal staff charge the correct federal programs
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve payment with the use of an incorrect indirect rate that was applied to a payment. This was identified as an error through the department’s internal controls during the audit period and that overpayment was corrected. The department stands that this should not have been an exception. The department maintains that its internal policies are held to a higher standard than federal requirements, and the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance at the time of review. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs
45 CFR Part 75, section 410, Collection of Unallowable Costs
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example: Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Benefits $1,750.35
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Note: Salaries and benefits must be broken out as separate line items.
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Copies of invoices for transactions over
$2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report.
Copies of invoices for transactions over
$1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting
documentation.
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Outreach Materials- All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Pre-approval required for all outreach materials in excess of
$2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of
$1,000:
AND
• Sample of Outreach materials
Travel A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts (If the DOH subrecipient is
contracting out with an agency to perform work charged to the grant) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over
$5,000 with a detailed GL report.
• A copy of all invoices over
$1,000 with a detailed GL report.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification.
2024-033 The Department of Health did not have adequate internal controls over cash management and reporting requirements for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
Immunization is not subject to the Cash Management Improvement Act and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department has federal revenue bimonthly draw procedures to request reimbursements in line with the Department’s payroll pay dates.
In addition, the Department is required to submit an annual SF-425 financial report for each open grant. This report contains information on revenue as well as direct and indirect expenditures for each open award.
The Department maintains the Grant Management System (GMS) that is used agency-wide to calculate cash draw amounts and pull financial data needed to complete the SF-425. The Department uses this system as one of its tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. Also, indirect expenditures are calculated through the Cost Allocation System (CAS) that the Department maintains. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw and SF-425 report. This report includes calculations for the cash draw amount performed by GMS using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and reporting requirements for the Immunization program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-036.
Due to the issues noted above, we determined that the GMS Grant Draw Report used to complete the SF-425 is not adequately supported. Therefore, we reviewed the data directly from the accounting system and the cost allocation system as support for amounts reported on the SF-425. We examined five of the 10 reports submitted during the fiscal year and did not identify any discrepancies.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws and SF-425 reporting is accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition
By not implementing adequate internal controls, the Department risks reporting inaccurate information on its SF-425 reports, overdrawing federal revenue and having to repay the grantor.
Recommendations
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the accuracy of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and reporting requirements for the Immunization program, we partially agree with SAO’s assessment of a material weakness in internal controls over the cash management and reporting process.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
A state must minimize the time between the Drawdown of Federal Funds from the Federal government and their disbursement for Federal Program Purposes. A federal Program Agency must limit a fund transfer to a State to the minimum amount needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a federal assistance program or project. The timing and amount of funds transfers must be close as is administratively feasible to a State’s actual cash outlay for direct program costs and proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102 (For availability, see 5 CFR 1310.3)
CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part:
Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-034 The Department of Health did not have adequate internal controls to ensure it filed on-time reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-045
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower those with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
When the Department makes a new subaward or amendment, staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 16 subawards and amendments in fiscal year 2024, totaling $1,316,302.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding numbers were 2023-045 and 2022-032.
Description of Condition
The Department did not have adequate internal controls to ensure it filed on-time reports required by the Act for the Immunization program.
During the audit period, the Department’s process for filing FFATA reports started with a Fiscal Analyst maintaining a spreadsheet throughout the month with the subaward information required for reporting. Management reviewed the spreadsheet and asked the Fiscal Analyst to approve the submission of the report. We used a nonstatistical sampling method to randomly select and examine management approvals for five of the 12 spreadsheets that corresponded with each month in the state fiscal year. We found that two of the five months (40%) did not have management approval.
We used a nonstatistical sampling method to randomly select and examine nine out of the 16 total subawards and amendments the Department was required to report during the state fiscal year. We found that the Department reported four of the six subawards and amendments (67%) late.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not retain documentation to support management review and approval of the monthly FFATA worksheets. Additionally, Department management asserted the late submission of the report for the four subawards was because the contract account coding for the Department’s accounting system was not created at the time of the contract execution. The Department’s process requires this coding to identify reportable information such as the grant Federal Award Identification Number. As soon as the coding information is updated, staff can then submit the items to FSRS.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and on-time reports. Further, failing to submit reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the federal award’s terms and conditions allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Ensure it documents management reviews in writing and retains them for audit review
• Review its FFATA reporting procedure to ensure it submits reports on time
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure timely review and submission of the FFATA reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a) Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-035 The Department of Health did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Cooperative Agreements Program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Known Questioned Cost Amount: Special Tests and Provisions – Control, Accountability, and Safeguarding of Vaccines
Special Tests and Provisions – Record of Immunization
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children (VFC) program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Department works with providers that administer vaccines to eligible children. The Department is required to ensure providers comply with the requirements of the VFC program. This includes ensuring vaccines are adequately safeguarded, used solely for authorized purposes and are only administered to VFC program-eligible children.
The U.S. Centers for Disease Control and Prevention requires the Department to conduct site visits of each provider once every 24 months. Additionally, the Department reviews monthly reports for vaccine doses administered outside the age range (DOAR), vaccine storage temperature logs and inventory reconciliation reports before approving vaccine orders to ensure providers are compliant with these VFC requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
On-site Visits
We used a nonstatistical sampling method to randomly select 56 providers that received a site visit out of the total 502 provider visits completed during the state fiscal year. We found that the Department conducted two (3.6%) provider site visits about two months after the 24-month period.
Ongoing Monitoring
The Department uses a tracking spreadsheet to document the review of the DOAR report, temperature logs and inventory reconciliation report along with any necessary follow-up with providers before approving vaccine orders. We used a statistical sampling method and randomly selected 57 providers out of a total of 570 and examined the review of the submitted reports. We found the Department did not review the DOAR report for two providers (3.5%) and did not track subsequent follow-up on corrective measures in the spreadsheet. Further, we found four providers (7%) had issues on its DOAR report, but the Department approved vaccine orders without receiving the provider’s questionnaire to address the deficiency noted in the report. We did not identify any issues for the temperature logs or the inventory reconciliation reports.
We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said excessive staff workload and providers’ requests to delay visits resulted in the Department not completing on-site visits within the required 24 months.
Department management said that inadequate ongoing monitoring of the reports was due to staff oversight.
Effect of Condition
Without conducting on-site visits every 24 months and without adequate review of the DOAR report and the questionnaire response, the Department risks approving vaccine orders for providers that may not be compliant with VFC program requirements.
By not ensuring it completes on-site visits every 24 months and properly performs reviews of reports, the Department could be subject to sanctions by the grantor.
Recommendations
We recommend the Department ensure:
• That it conducts compliance visits every 24 months
• That it adequately reviews the DOAR report and completes follow-up procedures according to internal policies and procedures
Authority’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department has already taken steps to evaluate current processes to ensure providers maintain immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Center for Disease Control and Prevention Vaccines for Children Operations Guide, Page 57 states in part:
Requirement: Awardees must conduct and record VFC compliance site visits, covering areas of provider details, eligibility, documentation, storage and handling (per unit and sitewide), and inventory management with each VFC provider every 24 months.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-036 The Department of Health did not have adequate internal controls over cash management and allowable cost requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Known Questioned Cost Amount: $298,415
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
The ELC program is subject to the Cash Management Improvement Act (CMIA) and is included in the Treasury-State Agreement for Washington. The primary purpose of the CMIA agreement is to ensure states request federal funds when they are needed so that no interest is gained or lost by either the federal or state governments. The agreement specifies the funding technique the Department should use when requesting federal funds. The Department shall draw funds semi-monthly, according to the state payroll schedule.
The Department maintains the Grant Management System (GMS) that is used to calculate cash draw amounts. The Department also utilizes the Cost Allocation System (CAS) to calculate indirect costs associated with expenditures. The Department uses these systems as agency-wide tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS and CAS.
To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw. This report includes calculations for the cash draw amount performed by GMS, as well as indirect costs calculated by CAS, using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and allowable cost requirements for the ELC program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-033.
Cash Management Improvement Act Testing
The CMIA for the ELC program states that cash draws are to be made one day before scheduled pay days throughout the year. We reviewed the timing of ELC cash draws made during the fiscal year to ensure they were in keeping with CMIA timing requirements. We determined that for expenditures incurred in fiscal year 2024, no cash draws were made during the first five payroll periods of the year. We also identified nine cash draws that correspond to a payroll period, but were not made one day before the scheduled pay day as the CMIA requires. Additionally, there was one cash draw that we determined to be noncompliant as it was in the middle of a payroll period.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
These issues were not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws was accurate and complete and that the timing of draws was in compliance with the CMIA requirements. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS. Coding errors in the chart of accounts resulted in indirect expenditures being overcharged to the grant. The Department was unable to provide an explanation as to the cause of the chart of account errors.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition and Questioned Costs
By not implementing adequate internal controls, the Department overdrew indirect expenditures by $298,415, which we are reporting as questioned costs. Overdraws can result in the Department having to repay the grantor.
Violations of the CMIA can result in the grantor denying the state payment or credit for the resulting federal interest liability or other sanctions. Delaying federal draw-down requests also results in state funds being advanced longer than necessary and potentially losing interest revenue for the state.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the updating of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
• Performs cash draws on the schedule specified in the CMIA agreement
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and allowable cost requirements for the ELC program, we partially disagree with SAO’s assessment of a material weakness in internal controls over the cash management and allowable cost requirements for the ELC program.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
CMIA
The Department disagrees with this assessment. The Department performed draws for ELC using the prior periods MI codes. The Department spends on a first in, first out method. The Department uses the previous year’s code for all expenditures that occurred in the allowable period and the funding has a 90-day period to process all previous year’s expenditures. There will always be expenditures and draws for a previous budget year in the first couple months of the new year due to the timing of invoices and processing. The department also ensures we are drawing in line with CMIA funding techniques and the payroll cycle. The states payroll cycle results in money leaving the treasury account prior to the 10th and the 25th. DOH ensures we draw funds after the cycle has ended and by state pay dates. This ensures the state is made whole in a timely manner.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
CMIA
We agree that funding for expenditures occurring at the close of a fiscal year can be drawn during the next fiscal year due to the timing of invoices and processing. However, the Department did not complete cash draws for expenditures incurred during July and August of fiscal year 2024, as required by the CMIA. Additionally, nine cash draws completed by the Department during the fiscal year were completed earlier than allowed by the approved terms of the CMIA.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75 section 2 establishes definitions for questioned costs.
Title 45 CFR Part 75 section 403 establishes the factors affecting the allowability of costs.
Title 45 CFR Part 75 section 410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 205, Rules and Procedures for Efficient Federal-State Funds Transfers, section 11, What requirements apply to funding techniques?, states in part:
(a) A State and a Federal Program Agency must minimize the time elapsing between the transfer of funds from the United States Treasury and the State's payout of funds for Federal assistance program purposes, whether the transfer occurs before or after the payout of funds.
(b) A State and a Federal Program Agency must limit the amount of funds transferred to the minimum required to meet a State's actual and immediate cash needs.
Title 31 CFR Part 205.29, What are the State oversight and compliance responsibilities? states in part:
(d) If a State repeatedly or deliberately fails to request funds in accordance with the procedures established for its funding techniques, as set forth in § 205.11, § 205.12, or a Treasury-State agreement, we may deny the State payment or credit for the resulting Federal interest liability, notwithstanding any other provision of this part.
(e) If a State materially fails to comply with this subpart A, we may, in addition to the action described in paragraph (d) of this section, take one or more of the following actions, as appropriate under the circumstances:
(1) Deny the reimbursement of all or a part of the State's interest calculation cost claim;
(2) Send notification of the non-compliance to the affected Federal Program Agency for appropriate action, including, where appropriate, a determination regarding the impact of non-compliance on program funding;
(3) Request a Federal Program Agency or the General Accounting Office to conduct an audit of the State to determine interest owed to the Federal government, and to implement procedures to recover such interest;
(4) Initiate a debt collection process to recover claims owed to the United States; or
(5) Take other remedies legally available.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Cash Management Improvement Act (CMIA) of 2024, states in part:
6.2.4 The following are terms under which State unique funding techniques shall be implemented for all transfers of funds to which the funding technique is applied in section 6.3.2 of this Agreement.
Modified Direct Program Costs - Admin, Payroll, Payments to Providers:
The State shall request funds for all direct administrative costs and/or payroll costs, and/or payments made to providers and to support providers. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. The State payroll cycle is payday twice a month. Draws made the day before payday are for deposit on payday. The draw request will be made in accordance with the cutoff time in Exhibit 1. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. This funding technique is interest neutral.
6.3.2 Programs
93.323 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC)
Recipient: Department of Health
% of Funds Agency Receives: 100
Component: Admin, Payroll, Payments to Providers
Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers
Average Day of Clearance: 0 Days
2024-037 Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $2,037
Prior Year Audit Finding: Yes, Finding 2023-046
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions (LHJs) that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, LHJs submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior year audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-046 and 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payments. As a result, the Department paid the LHJs without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a nonstatistical sampling method to randomly select and examine 25 out of a total population of 280 payments to LHJs. In total, we examined $548,396 in LHJ subrecipient payments as part of the audit. Of the 25 randomly selected payments examined, we identified two payments (8%) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying LHJs without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring LHJs submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from LHJs totaled $2,037 in known questioned costs. Based on these results, we estimate the total amount of likely improper payments using federal funds to be $22,815.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it obtains adequate supporting documentation from LHJs before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve two payments that did not have the required supporting documentation for the subrecipients’ assigned risk level per agency policies. We disagree that these costs were unallowable as staff reviewed them to ensure they met federal cost principles for allowability. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The ELC program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The ELC program refers to the Notice of Funding Opportunity (NOFO), posted guidance, notice of award (NOA), as well as 2 CFR 200, to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The ELC program provides technical assistance, policies, and training to ELC subrecipients related to both allowability and compliance.
• The ELC program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
Additionally, the agency utilizes a risk-based approach to ensuring payment requests are adequately supported. Without adhering to the support requirements for high risk subrecipients, the Department cannot reasonably ensure that payments made to that subrecipient are allowable.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed GL expenditure report A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation.
Outreach Materials
All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $1,000:
AND
• Sample of Outreach materials
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Travel A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts
(If the DOH subrecipient is contracting out with an agency to perform work charged to the grant) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients
(If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $5,000 with a detailed GL report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $1,000 with a detailed GL report.
NOTE: Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2024-038 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-047
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program. The prior finding number was 2023-047.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the fiscal year, the ELC program had 27 newly executed contracts that required a suspension and debarment check. We used a non-statistical sampling method to randomly select and examine eight out of a population of 27 contracts. We found the Department did not include suspension and debarment language and did not perform a suspension and debarment check for two contracts with Educational Service Districts (ESDs) and one vendor contract (38%).
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used contracts that did not include suspension and debarment language and did not document a suspension and debarment check in the System for Award Management. The Department did not have adequate management oversight to ensure the ESD contracts received the required suspension and debarment checks or that corrective actions were completed timely.
During the audit, the Department informed us that system changes to ensure that ESDs are correctly identified as subrecipients were not complete by July 2023, as stated in the Department’s corrective action plan for the prior finding.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified that none of the eight sampled entities were suspended or debarred and therefore will not question costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with subrecipients and contractors that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-039 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases Program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-048
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for two ELC projects: Enhancing Detection and Enhancing Detection Expansion.
The Department submits quarterly fiscal reports in REDCap, a web-based system used by the CDC to collect data. Reports summarize total quarterly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding numbers were 2023-048 and 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
Quarterly financial reporting of expenditures and unpaid obligations is required for the Enhancing Detection and Enhancing Detection Expansion projects. The Department submits these reports quarterly in REDCap. Before submission, management reviews the reports and supporting documentation to ensure they are accurate and complete. We examined all 16 reports required during the audit period. Three (18.75%) of the reports were not accurate and complete. Specifically, we found:
• The Department did not submit one report, with almost $27 million in expenditures, in REDCap
• One report underreported $263,827 (1.5%) in expenditures in REDCap
• One report had the correct expenditure total in aggregate; however, amounts in specific categories did not match the category totals in the accounting records
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Department implemented a review process to correct the prior year finding, management did not ensure the Department submitted all reports to REDCap, and the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
By not ensuring management adequately reviewed quarterly reports, the Department did not ensure it submitted reports and that they were accurate and complete.
Recommendation
We recommend the Department establish and follow effective internal controls to ensure it submits reports and that they are accurate and complete.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure submitted reports are accurate and complete.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 341, Financial reporting, describes the requirements for auditees to submit financial reports.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-040 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-050
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at internal controls over processes and examine specific award and contract requirements to ensure the subrecipient was in compliance with these requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-050 and 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department did not accurately identify all of their subrecipients. We requested a list of all contracted subrecipients for the state fiscal year 2024 period. This list did not include nine Educational Service Districts (ESDs) that the Department contracted with as subrecipients. The contracts for these educational service districts did not contain required subaward information in accordance with 45 CFR 75.352.
Additionally, the Department did not complete fiscal reviews for its subrecipients. We identified 35 subrecipients with consolidated contracts, and 20 subrecipients with non-consolidated contracts for a total of 55. Of these, we determined there was no fiscal monitoring performed for the 20 subrecipients with non-consolidated contracts. We also found that fiscal monitoring did not occur for two of the subrecipients with consolidated contracts. This resulted in 40% of subrecipients not receiving fiscal monitoring.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
The Department believed that ESDs are an extension of the Office of Superintendent of Public Instruction and therefore entered into interagency agreements instead of subawards. This resulted in them being omitted from subrecipient fiscal monitoring tracking. These interagency agreements also do not have the DOH Contract Subrecipient Statement of Work included in them, which is used to communicate required federal subaward information to subrecipients.
Additionally, we were informed by the Department that there were significant staff shortages in the Fiscal Monitoring Unit in state fiscal year 2024, and that the timing of reviews had to be modified based on capacity.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend that the Department:
• Ensure all subrecipient contracts are identified correctly and include the appropriate templated language
• Identify and track all subrecipients
• Strengthen internal controls to ensure that fiscal monitoring is completed timely for all subrecipients
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes to ensure compliance with fiscal monitoring requirements for the ELC program. DOH had significant staff shortages in the Fiscal Monitoring Unit in SFY2024. Due to the shortage, we had to modify our reviews to ensure programs with a federal requirement for timing of monitoring visits were met (WIC and HIV). We then completed additional reviews based on capacity.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some fiscal monitoring reviews were not performed. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-041 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-049
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, about $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the ELC program received required single audits and appropriately followed up on findings and issued management decisions. The prior finding number was 2023-049.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Department did not have written policies or procedures over its process for tracking subrecipients’ single audits. To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, after examining the workbook, we found 13 subrecipients that required audit tracking were missing. Additionally, we found that the Department did not check for single audit requirements for one subrecipient, and that no single audit exists for that subrecipient in the federal audit clearinghouse.
During fiscal year 2024, four subrecipients received an ELC finding, which the Department documented in the tracking workbook. However, the workbook did not document any follow-up with the subrecipient or review of a corrective action plan. In addition, the Department did not issue a management decision letter for any of the findings, and the tracking spreadsheet did not document any management decisions.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
There were no written procedures for the single audit tracking process. Management said there was confusion around the subrecipient single audit process, and that they were working to define the process around the monitoring requirements. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes and provide additional training to staff to monitor if DOH subrecipients of the ELC program received required single audits and take appropriate action based on those single audits. This will include DOH following up on findings and issued management decisions.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some single audits were not tracked. DOH implemented and corrected this error moving forward with ESD’s and Subrecipient contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-036 The Department of Health did not have adequate internal controls over cash management and allowable cost requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Known Questioned Cost Amount: $298,415
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
The ELC program is subject to the Cash Management Improvement Act (CMIA) and is included in the Treasury-State Agreement for Washington. The primary purpose of the CMIA agreement is to ensure states request federal funds when they are needed so that no interest is gained or lost by either the federal or state governments. The agreement specifies the funding technique the Department should use when requesting federal funds. The Department shall draw funds semi-monthly, according to the state payroll schedule.
The Department maintains the Grant Management System (GMS) that is used to calculate cash draw amounts. The Department also utilizes the Cost Allocation System (CAS) to calculate indirect costs associated with expenditures. The Department uses these systems as agency-wide tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS and CAS.
To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw. This report includes calculations for the cash draw amount performed by GMS, as well as indirect costs calculated by CAS, using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and allowable cost requirements for the ELC program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-033.
Cash Management Improvement Act Testing
The CMIA for the ELC program states that cash draws are to be made one day before scheduled pay days throughout the year. We reviewed the timing of ELC cash draws made during the fiscal year to ensure they were in keeping with CMIA timing requirements. We determined that for expenditures incurred in fiscal year 2024, no cash draws were made during the first five payroll periods of the year. We also identified nine cash draws that correspond to a payroll period, but were not made one day before the scheduled pay day as the CMIA requires. Additionally, there was one cash draw that we determined to be noncompliant as it was in the middle of a payroll period.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
These issues were not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws was accurate and complete and that the timing of draws was in compliance with the CMIA requirements. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS. Coding errors in the chart of accounts resulted in indirect expenditures being overcharged to the grant. The Department was unable to provide an explanation as to the cause of the chart of account errors.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition and Questioned Costs
By not implementing adequate internal controls, the Department overdrew indirect expenditures by $298,415, which we are reporting as questioned costs. Overdraws can result in the Department having to repay the grantor.
Violations of the CMIA can result in the grantor denying the state payment or credit for the resulting federal interest liability or other sanctions. Delaying federal draw-down requests also results in state funds being advanced longer than necessary and potentially losing interest revenue for the state.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the updating of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
• Performs cash draws on the schedule specified in the CMIA agreement
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and allowable cost requirements for the ELC program, we partially disagree with SAO’s assessment of a material weakness in internal controls over the cash management and allowable cost requirements for the ELC program.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
CMIA
The Department disagrees with this assessment. The Department performed draws for ELC using the prior periods MI codes. The Department spends on a first in, first out method. The Department uses the previous year’s code for all expenditures that occurred in the allowable period and the funding has a 90-day period to process all previous year’s expenditures. There will always be expenditures and draws for a previous budget year in the first couple months of the new year due to the timing of invoices and processing. The department also ensures we are drawing in line with CMIA funding techniques and the payroll cycle. The states payroll cycle results in money leaving the treasury account prior to the 10th and the 25th. DOH ensures we draw funds after the cycle has ended and by state pay dates. This ensures the state is made whole in a timely manner.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
CMIA
We agree that funding for expenditures occurring at the close of a fiscal year can be drawn during the next fiscal year due to the timing of invoices and processing. However, the Department did not complete cash draws for expenditures incurred during July and August of fiscal year 2024, as required by the CMIA. Additionally, nine cash draws completed by the Department during the fiscal year were completed earlier than allowed by the approved terms of the CMIA.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75 section 2 establishes definitions for questioned costs.
Title 45 CFR Part 75 section 403 establishes the factors affecting the allowability of costs.
Title 45 CFR Part 75 section 410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 205, Rules and Procedures for Efficient Federal-State Funds Transfers, section 11, What requirements apply to funding techniques?, states in part:
(a) A State and a Federal Program Agency must minimize the time elapsing between the transfer of funds from the United States Treasury and the State's payout of funds for Federal assistance program purposes, whether the transfer occurs before or after the payout of funds.
(b) A State and a Federal Program Agency must limit the amount of funds transferred to the minimum required to meet a State's actual and immediate cash needs.
Title 31 CFR Part 205.29, What are the State oversight and compliance responsibilities? states in part:
(d) If a State repeatedly or deliberately fails to request funds in accordance with the procedures established for its funding techniques, as set forth in § 205.11, § 205.12, or a Treasury-State agreement, we may deny the State payment or credit for the resulting Federal interest liability, notwithstanding any other provision of this part.
(e) If a State materially fails to comply with this subpart A, we may, in addition to the action described in paragraph (d) of this section, take one or more of the following actions, as appropriate under the circumstances:
(1) Deny the reimbursement of all or a part of the State's interest calculation cost claim;
(2) Send notification of the non-compliance to the affected Federal Program Agency for appropriate action, including, where appropriate, a determination regarding the impact of non-compliance on program funding;
(3) Request a Federal Program Agency or the General Accounting Office to conduct an audit of the State to determine interest owed to the Federal government, and to implement procedures to recover such interest;
(4) Initiate a debt collection process to recover claims owed to the United States; or
(5) Take other remedies legally available.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Cash Management Improvement Act (CMIA) of 2024, states in part:
6.2.4 The following are terms under which State unique funding techniques shall be implemented for all transfers of funds to which the funding technique is applied in section 6.3.2 of this Agreement.
Modified Direct Program Costs - Admin, Payroll, Payments to Providers:
The State shall request funds for all direct administrative costs and/or payroll costs, and/or payments made to providers and to support providers. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. The State payroll cycle is payday twice a month. Draws made the day before payday are for deposit on payday. The draw request will be made in accordance with the cutoff time in Exhibit 1. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. This funding technique is interest neutral.
6.3.2 Programs
93.323 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC)
Recipient: Department of Health
% of Funds Agency Receives: 100
Component: Admin, Payroll, Payments to Providers
Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers
Average Day of Clearance: 0 Days
2024-037 Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $2,037
Prior Year Audit Finding: Yes, Finding 2023-046
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions (LHJs) that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, LHJs submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior year audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-046 and 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payments. As a result, the Department paid the LHJs without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a nonstatistical sampling method to randomly select and examine 25 out of a total population of 280 payments to LHJs. In total, we examined $548,396 in LHJ subrecipient payments as part of the audit. Of the 25 randomly selected payments examined, we identified two payments (8%) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying LHJs without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring LHJs submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from LHJs totaled $2,037 in known questioned costs. Based on these results, we estimate the total amount of likely improper payments using federal funds to be $22,815.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it obtains adequate supporting documentation from LHJs before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve two payments that did not have the required supporting documentation for the subrecipients’ assigned risk level per agency policies. We disagree that these costs were unallowable as staff reviewed them to ensure they met federal cost principles for allowability. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The ELC program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The ELC program refers to the Notice of Funding Opportunity (NOFO), posted guidance, notice of award (NOA), as well as 2 CFR 200, to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The ELC program provides technical assistance, policies, and training to ELC subrecipients related to both allowability and compliance.
• The ELC program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
Additionally, the agency utilizes a risk-based approach to ensuring payment requests are adequately supported. Without adhering to the support requirements for high risk subrecipients, the Department cannot reasonably ensure that payments made to that subrecipient are allowable.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed GL expenditure report A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation.
Outreach Materials
All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $1,000:
AND
• Sample of Outreach materials
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Travel A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts
(If the DOH subrecipient is contracting out with an agency to perform work charged to the grant) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients
(If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $5,000 with a detailed GL report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $1,000 with a detailed GL report.
NOTE: Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2024-038 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-047
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program. The prior finding number was 2023-047.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the fiscal year, the ELC program had 27 newly executed contracts that required a suspension and debarment check. We used a non-statistical sampling method to randomly select and examine eight out of a population of 27 contracts. We found the Department did not include suspension and debarment language and did not perform a suspension and debarment check for two contracts with Educational Service Districts (ESDs) and one vendor contract (38%).
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used contracts that did not include suspension and debarment language and did not document a suspension and debarment check in the System for Award Management. The Department did not have adequate management oversight to ensure the ESD contracts received the required suspension and debarment checks or that corrective actions were completed timely.
During the audit, the Department informed us that system changes to ensure that ESDs are correctly identified as subrecipients were not complete by July 2023, as stated in the Department’s corrective action plan for the prior finding.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified that none of the eight sampled entities were suspended or debarred and therefore will not question costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with subrecipients and contractors that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-039 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases Program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-048
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for two ELC projects: Enhancing Detection and Enhancing Detection Expansion.
The Department submits quarterly fiscal reports in REDCap, a web-based system used by the CDC to collect data. Reports summarize total quarterly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding numbers were 2023-048 and 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
Quarterly financial reporting of expenditures and unpaid obligations is required for the Enhancing Detection and Enhancing Detection Expansion projects. The Department submits these reports quarterly in REDCap. Before submission, management reviews the reports and supporting documentation to ensure they are accurate and complete. We examined all 16 reports required during the audit period. Three (18.75%) of the reports were not accurate and complete. Specifically, we found:
• The Department did not submit one report, with almost $27 million in expenditures, in REDCap
• One report underreported $263,827 (1.5%) in expenditures in REDCap
• One report had the correct expenditure total in aggregate; however, amounts in specific categories did not match the category totals in the accounting records
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Department implemented a review process to correct the prior year finding, management did not ensure the Department submitted all reports to REDCap, and the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
By not ensuring management adequately reviewed quarterly reports, the Department did not ensure it submitted reports and that they were accurate and complete.
Recommendation
We recommend the Department establish and follow effective internal controls to ensure it submits reports and that they are accurate and complete.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure submitted reports are accurate and complete.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 341, Financial reporting, describes the requirements for auditees to submit financial reports.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-040 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-050
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at internal controls over processes and examine specific award and contract requirements to ensure the subrecipient was in compliance with these requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-050 and 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department did not accurately identify all of their subrecipients. We requested a list of all contracted subrecipients for the state fiscal year 2024 period. This list did not include nine Educational Service Districts (ESDs) that the Department contracted with as subrecipients. The contracts for these educational service districts did not contain required subaward information in accordance with 45 CFR 75.352.
Additionally, the Department did not complete fiscal reviews for its subrecipients. We identified 35 subrecipients with consolidated contracts, and 20 subrecipients with non-consolidated contracts for a total of 55. Of these, we determined there was no fiscal monitoring performed for the 20 subrecipients with non-consolidated contracts. We also found that fiscal monitoring did not occur for two of the subrecipients with consolidated contracts. This resulted in 40% of subrecipients not receiving fiscal monitoring.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
The Department believed that ESDs are an extension of the Office of Superintendent of Public Instruction and therefore entered into interagency agreements instead of subawards. This resulted in them being omitted from subrecipient fiscal monitoring tracking. These interagency agreements also do not have the DOH Contract Subrecipient Statement of Work included in them, which is used to communicate required federal subaward information to subrecipients.
Additionally, we were informed by the Department that there were significant staff shortages in the Fiscal Monitoring Unit in state fiscal year 2024, and that the timing of reviews had to be modified based on capacity.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend that the Department:
• Ensure all subrecipient contracts are identified correctly and include the appropriate templated language
• Identify and track all subrecipients
• Strengthen internal controls to ensure that fiscal monitoring is completed timely for all subrecipients
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes to ensure compliance with fiscal monitoring requirements for the ELC program. DOH had significant staff shortages in the Fiscal Monitoring Unit in SFY2024. Due to the shortage, we had to modify our reviews to ensure programs with a federal requirement for timing of monitoring visits were met (WIC and HIV). We then completed additional reviews based on capacity.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some fiscal monitoring reviews were not performed. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-041 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-049
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, about $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the ELC program received required single audits and appropriately followed up on findings and issued management decisions. The prior finding number was 2023-049.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Department did not have written policies or procedures over its process for tracking subrecipients’ single audits. To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, after examining the workbook, we found 13 subrecipients that required audit tracking were missing. Additionally, we found that the Department did not check for single audit requirements for one subrecipient, and that no single audit exists for that subrecipient in the federal audit clearinghouse.
During fiscal year 2024, four subrecipients received an ELC finding, which the Department documented in the tracking workbook. However, the workbook did not document any follow-up with the subrecipient or review of a corrective action plan. In addition, the Department did not issue a management decision letter for any of the findings, and the tracking spreadsheet did not document any management decisions.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
There were no written procedures for the single audit tracking process. Management said there was confusion around the subrecipient single audit process, and that they were working to define the process around the monitoring requirements. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes and provide additional training to staff to monitor if DOH subrecipients of the ELC program received required single audits and take appropriate action based on those single audits. This will include DOH following up on findings and issued management decisions.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some single audits were not tracked. DOH implemented and corrected this error moving forward with ESD’s and Subrecipient contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-042 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $67,698,747
Prior Year Audit Finding: Yes, Finding 2023-051
Background
The Department of Social and Health Service (DSHS), Community Services Office, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment.
Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. Both the Department of Children, Youth, and Families (the Department) and DSHS administer the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS determines TANF client eligibility and reimburses the Department for child care payments under an agreement between the two agencies. In fiscal year 2024, DSHS paid $67,698,747 related to child care services.
The Department uses its Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the eligibility of the client. These funding sources include multiple federal programs, multiple Child Care Development Fund (CCDF) federal grant awards and state funding. The Department uploads the payment data into the state’s accounting system at a summary level based on the various funding sources.
DSHS worked with the Department to set up coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is sent to SSPS for allocation assignment. The Department prepares electronic reports for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
Some payments the Department makes for child care are funded by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2023-051, 2022-035 and 2021-028.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported.
To identify TANF-funded payments the Department made to child care providers, we requested a population of payments charged to TANF sources from SSPS. However, in fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent TANF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions from SSPS that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. Officials from the U.S. Department of Health and Human Services informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
Because the Department did not comply with federal requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $67,698,747 in federal program costs for child care payments that DSHS paid during the audit period.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Update service level agreements with DSHS to ensure payments are sufficient and properly supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Working Connections Child Care (WCCC) program was previously managed by the Department of Social and Health Services (DSHS) and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other grant requirements.
The Department implemented grant-level management of all federal funds, including the Temporary Assistance for Needy Families grant. This consisted of making significant grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements were met. The Department’s grant adjustments were processed based on eligible clients and allowable activities.
The State Auditor’s Office (SAO) has taken issues in the past several audits and maintained that the program is not auditable without child-level data. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit for accurately testing compliance. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by the SAO.
In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted budget included funding to implement the Department’s budget request beginning in state fiscal year 2025, specifically:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024.”
The Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include child-level data related to the expenditures.
The Department looks forward to working with SAO to resolve the child-level data concerns in the audit of the child care grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the grant adjustments were processed for eligible and allowable expenditures for the TANF grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-044 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure the statewide court hearing rate assessment was performed for subrecipients of the Child Support Services program.
Assistance Listing Number and Title: 93.563 Child Support Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WACSES; 2201WACSES; 2401WACSES
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Social and Health Services (DSHS) administers the Child Support Services program (CSS), which aims to locate absent parents, establish paternity, obtain child and spousal support, and enforce support obligations owed by noncustodial parents. During fiscal year 2024, the Department spent more than $129 million in federal program funds, about $23 million of which it paid to subrecipients.
The Department administers and awards CSS funding to all counties through various court offices, including county clerks, county commissioners and county prosecutors.
Federal regulations require the Department to monitor the activities of subrecipients to ensure the subaward is used for authorized purposes, in compliance with federal statues, regulations, and terms and conditions of the subaward, and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the passthrough entity.
Department procedures require the Department to implement a statewide court hearing rate every calendar year. This rate is used by the subrecipient courts to determine the total allowable CSS share of direct costs. The process of implementing this rate begins by reviewing court hearing data from the current year from five sample counties. The counties submit two months of Commission hearing data from the current calendar year. The Department requires each sample county to provide the case number, party names, hearing date, and the start and end times of each hearing. The County Fiscal Liaison selects a sample from the total number of hearings and the counties review the hearings to determine if they were child support related and identifies the total number of minutes in the hearing. After it has been determined that a case is CSS related, a review is completed to determine if the parties in the hearing have a Title IV-D case. The review is documented on the Department’s sampling worksheet, which calculates the rate based on the actual minutes related to the program divided by the total minutes of the hearings.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the statewide court hearing rate assessment was performed for subrecipients of the CSS program.
According to the Division of Child Support Court Commissioner sample process document, program staff are required to review court hearing data from five sample counties in the state to determine the statewide hearing rate for the year. We found the Department did not perform the rate assessment to ensure that the statewide rate established during the fiscal year was based on current case load data of the subrecipient courts. As a result, the Department continued using the previously determined hearing rate, which the courts then used to determine their reimbursement claim amounts for the fiscal year. The Department was unable to provide documentation to demonstrate this action was discussed, what rationale was used to determine this course of action or that management approved it.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not establish sufficient internal controls to ensure the annual rate assessment was completed and accurate. The Department asserted it did not have sufficient court hearing data from participating counties at the time of the annual rate assessment. In addition, management asserted that it could not replace counties selected for analysis that experienced data errors in reporting child support caseloads to the state. Therefore, management opted not to complete the rate assessment. However, the Department did not document the rationale for its decision, nor management’s approval to continue using the previously established court hearing rate.
Effect of Condition
Without conducting the rate assessment, the Department cannot ensure the CSS hearing rate is an accurate representation of court caseloads for the program. This increases the risk of the Department reimbursing the courts at an excessive rate based on the child support cases heard.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it performs required county hearing rate assessments based on its policies and procedures
• Establish internal controls sufficient to ensure it performs annual rate assessments to ensure hearing rates the courts use are based on accurate and complete data
Department’s Response
The Department partially concurs with the auditor’s finding.
The Department has an established written process for conducting a sample of five counties to determine the statewide hearing rate for the fiscal year. Two of the five counties contacted us two weeks after the due date with technical issues and concerns that their data may not be accurate and requested that we use other counties’ data as part of the sampling process.
Since the Department was already into State Fiscal Year (SFY) 24 and the courts needed the rate for their reimbursement requests, it was not realistic with such short notice to find two other counties that could pull two months of court hearings data from the prior year. DCS management made the decision to carry over the certified rate from the prior fiscal year’s sampling process rather than use potentially inaccurate data to update the court hearing rate. The difference in the sampling rates between SFY 22 (6.35%) and SFY 23 (6.58%) was so small we determined that a carryover of the SFY 23 rate given the circumstances would provide the most accurate representation of court caseloads and would mitigate the risk of the Department reimbursing the courts at an excessive rate.
The Department provided the auditor documentation from the two counties that communicated their inability to participate in the SFY 24 sampling process as well as the Department’s communication to all the court administrators. This communication explained that due to unforeseen circumstances, the Department was not able to complete the state sampling process for SFY 24 and that it used the certified rate from SFY 23 to set a SFY 24 hearing rate. In addition, the Department provided the approved SFY 23 rate and sampling data. The auditor stated that since the SFY 23 rate was signed in April 2023, it was outside the scope of the audit period. The Department disagreed with the auditor because the SFY 23 rate was carried over for SFY 24, which made the sampling process and data within scope of the audit period.
For the SFY 25 rate, the Department has found a new county to participate in the sampling process and the other county has resolved their system issues.
The Department will update procedures to ensure decisions and approvals are documented when alternate methodologies are required.
Auditor’s Remarks
The Department asserts it communicated to participating counties that it would not re-assess the hearing rate for the year 2024 child support cases and instead carry forward the rate approved from 2023. This communication was provided to our Office in the form of an email, sent by the County Fiscal Liaison, which did not have any recipients listed. In addition, the Department did not provide documentation to demonstrate that management reviewed and approved the decision to carry forward the previously certified child support hearing rate, including what factors were considered that would allow the previous rate to be used and still be compliant with child support services monitoring requirements.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR part 75, section 352, Requirements for pass-through entities, establishes the requirements for pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Division of Child Support Court Commissioner Sample Process Instructions, states in part:
“….Notify sample counties in July or August that it’s time to pull their samples. Current sample counties are: Chelan, Lewis, Pend Oreille, Spokane, and Grays Harbor. Email each sample county and request they provider their sample data”
“ To pull the sample –
9. Using the Access Sample Program – pull a sample of 275-350 hearings. This number was determined by E-Maps statisticians to be an acceptable number of hearings based on having less than 5,000 hearings total. (*There is also a program that will provide you with a statistically sound sample number based on the total number of hearings you enter. You can use this or choose a number somewhere between 275-350.)
10. Set up your sample worksheets to include a column titled ‘Child Support?’ and one titled ‘IV-D?’, and one titled ‘Qualified Number of Minutes’.
11. Print this out so you have a hard copy to work from. These you will fill in as you review each hearing. If the hearing gets both a YES under the Child Support and the IV-D, then you’ll enter the number of minutes of that hearing in the last column.”
12. Review each and every hearing to determine if it is child support related.”
“Calculating the sample IV-D percentage rate –
Using your ‘Final Data Totals’ worksheet:
20. Cell F6 - Enter number of minutes for all “Other” than 3 & 5 case types.
21. Cell F7 - Enter number of minutes for all Type 3 + Type 5 case types.
22. Total of all hearings minutes will be automatically calculated and entered in Cell F8.
23. Cell F11 - Enter the total number of minutes in the sample.
24. Cell F13 - Enter the total of IV-D qualified minutes in the sample.
25. The system will calculate the IV-D sample percentage from those two figures and enter it in Cell F15.
26. Cell G6 - Enter the percentage of all “other” case types that are IV-D (this will always be 0).
27. Cell G7 – The system will enter the percentage of all Type 3 + Type 5 cases that are IV-D. (This is simply copied from Cell F15.)
28. Cell H7 – The system will enter the Total IV-D Minutes for Type 3 and Type 5 cases using the total Type 3 + Type 5 minutes (Cell F7) multiplied by the percentage of IV-D minutes per the sample (Cell G7).
29. That number (Cell H8) is then divided by the total of minutes of ALL hearings submitted (Cell F8) and the resulting percentage is your Hearings Sample IV-D Percentage Rate to be used by all counties statewide for their Court Commissioner reimbursements.”
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-045 The Department of Social and Health Services did not have adequate internal controls to ensure risk assessments performed for subrecipients of the Child Support Services program were accurate and complete.
Assistance Listing Number and Title: 93.563 Child Support Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WACSES; 2201WACSES; 2401WACSES
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Social and Health Services (DSHS) administers the Child Support Services program (CSS), which aims to locate absent parents, establish paternity, obtain child and spousal support, and enforce support obligations owed by noncustodial parents. During fiscal year 2024, the Department spent more than $129.7 million in federal program funds, about $23 million of which it paid to subrecipients.
The Department administers and awards program funding to all counties through various court offices, including county clerks, county commissioners and county prosecutors. Federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward to determine the appropriate amount and type of subrecipient monitoring required to ensure they use the subaward for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals.
The Department’s County Fiscal Liaison completes the annual risk assessment of all counties for the program. The Department’s risk assessment contains different risk factors that are answerable by a “yes” or a “no” value and are each assigned a numerical value. The scores are then totaled to determine the overall risk of the subrecipient. This risk score determines the adequate level of monitoring necessary for the subrecipient.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure risk assessments performed for subrecipients of the program were accurate and complete.
The Department’s policies and procedures instruct program staff to conduct annual risk assessments and determine the level of monitoring required for each county subrecipient. Although the County Fiscal Liaison completed risk assessments for county subrecipients during the audit period, Department management did not perform a secondary review of the risk assessments the County Fiscal Liaison completed for completeness and appropriateness. In addition, we determined that only the County Fiscal Liaison participates in the subrecipient risk assessment process. Therefore, we determined the Department does not have adequate internal controls to ensure program staff perform risk assessments, as required by Department policies, and that the results of completed risk assessments are accurate and support the recommended level of monitoring over the subrecipients.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not consider performing a secondary review of the County Fiscal Liaison’s assessment of each County’s risk of noncompliance, and did not monitor the results of risk assessment as it relied on the liaison’s judgment.
Effect of Condition
Without monitoring to ensure risk assessments are completed and conducting a secondary review of risk assessments that program staff perform, management cannot ensure that the Department is meeting federal requirements by performing the appropriate level of monitoring to ensure subrecipients comply with program requirements.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it performs required risk assessments
• Establish internal controls to ensure management reviews and approves risk assessments to ensure they are complete, accurate and performed timely to ensure an appropriate level of subrecipient monitoring is performed
•
Department’s Response
The Department partially concurs with the auditor’s findings.
The Department has a control in place to discuss risks in real time with management during weekly meetings. Management is appraised of concerns and workloads, including completion of risk assessments. The risk assessment worksheets capture, in writing, the risks and actions taken as discussed with management in the weekly meetings.
For ongoing compliance, the Department’s Division of Child Support will update procedures for risk assessments to include documenting management’s review and approval.
Auditor’s Remarks
We requested and received risk assessment worksheets as part of the audit and found no information indicating the results were provided to or approved by management. In addition, program staff informed our Office that it did not have documentation to demonstrate that risk assessments completed by the County Fiscal Liaison were reviewed by management for appropriateness.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for pass-through entities.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-046 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-052
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
During fiscal year 2024, the Department issued 125 subawards and 122 subaward amendments totaling more than $111 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-052.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
We used a statistical sampling method and randomly selected and examined 24 subawards out of a total population of 247. We also tested two individually significant subawards. We determined that 12 out of 26 subawards (46%) were not submitted in FSRS during the audit period. The Department reported three of the 12 subawards in FSRS after the audit period ended, however the reports were submitted late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not have written policies and procedures in place to determine which subawards and amendments were required to be reported in FSRS until April 2024. Management said the Department filed overdue reports from prior fiscal years before it could report subawards issued during the audit period. Additionally, management did not ensure that reports were originally submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will immediately report the contracts and amendments in question to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
For ongoing compliance, ORIA will develop and subsequently implement a process to verify all subawards and subaward amendments were reported as required.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-047 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-054
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services’ Office of Refugee and Immigrant Assistance (ORIA) administers the State’s Refugee and Entrant Assistance programs. During fiscal year 2024, the Department spent about $77.9 million in federal program funding, more than $55.9 million of which it passed through to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. The prior finding number was 2023-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor any of its 56 program subrecipients to ensure compliance with federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
In response to the prior audit finding, ORIA program management implemented procedures for determining program subrecipients, however these changes did not take effect until the end of this audit period.
The Department did not accurately identify all program subrecipients to develop a comprehensive monitoring plan and did not ensure subrecipients were correctly identified and monitored for compliance, as required by the Uniform Guidance. In addition, management did not effectively communicate the responsibility for conducting fiscal monitoring of program subrecipients to ORIA staff.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored some of their subrecipients, however, they did not have monitoring reports to provide as evidence. Since the program determined the subrecipients to be low risk, monitoring consisted of a desk review which was documented only on the monitoring screen of the Agency Contracts Database (ACD).
In response to the prior audit 2023-054, ORIA is working with the Division of Finance and Financial Resources (DFFR) to develop and implement effective internal controls and clear written procedures covering program and fiscal subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
To address the significant workload associated with onsite monitoring and the development of monitoring reports, ORIA and DFFR will explore the department’s ability to increase staff resources.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a. Entity’s invoices and documentation (A-19s).
b. Entity’s program or service and financial reports.
c. Surveys or feedback cards from clients.
d. Client complaints.
e. Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f. Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g. If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a. A review of the delivery of program services.
b. Discussions about the subrecipient’s problems and challenges.
c. Follow-up on identified problems from previous visits.
d. Review of faculty/personnel licensing.
e. Review of surveys and inspections performed by outside parties.
f. Interview of staff to determine whether they are familiar with the program.
g. Inspection of the entity’s facilities and operations.
h. Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i. Review of the entity’s monitoring/production reports.
j. Review of any independent limited scope program audits.
k. Verification of performance from outside source (e.g. sub-contractors).
l. Review of the entity’s self-risk assessment survey.
m. Review of internal controls.
n. Review of billing practices.
o. Review of allocation of costs.
p. Review of timesheets or activity reports.
q. Review of financial records.
F. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
3. Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2024-048 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-053
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions. The prior finding number was 2023-053.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 56 subrecipients to ensure they received a single audit, if required. Six of these subrecipients received single audits during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department partially concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored their subrecipients for single audit reports by verifying each subrecipient’s total federal financial assistance through online tax forms. For subrecipients that met the single audit threshold, ORIA either received the single audit report from the subrecipient or pulled a copy from the single audit online database. However, the Department did not issue management decisions.
As part of our corrective action plan for the prior audit finding (2023-053), ORIA is working with the Department’s Division of Finance and Financial Resources (DFFR) to establish and implement effective internal controls and written procedures to ensure ORIA reviews audit reports for their subrecipients and issue written management decisions, as required.
ORIA and DFFR will review all SFY24 completed single audit reports, and for any findings that pertain only to the federal award provided to the subrecipient, ORIA will issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings and monitor the subrecipient’s corrective actions through completion.
Auditor’s Remarks
In response to our audit request for internal controls, the Department asserted in writing that its monitoring of single audits of subrecipients during the audit period were not completed during state fiscal year 2024 and that it had no records for us to test to demonstrate monitoring occurred. It further stated that management hopes to demonstrate compliance beginning in state fiscal year 2025.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-046 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-052
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
During fiscal year 2024, the Department issued 125 subawards and 122 subaward amendments totaling more than $111 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-052.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
We used a statistical sampling method and randomly selected and examined 24 subawards out of a total population of 247. We also tested two individually significant subawards. We determined that 12 out of 26 subawards (46%) were not submitted in FSRS during the audit period. The Department reported three of the 12 subawards in FSRS after the audit period ended, however the reports were submitted late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not have written policies and procedures in place to determine which subawards and amendments were required to be reported in FSRS until April 2024. Management said the Department filed overdue reports from prior fiscal years before it could report subawards issued during the audit period. Additionally, management did not ensure that reports were originally submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will immediately report the contracts and amendments in question to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
For ongoing compliance, ORIA will develop and subsequently implement a process to verify all subawards and subaward amendments were reported as required.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-047 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-054
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services’ Office of Refugee and Immigrant Assistance (ORIA) administers the State’s Refugee and Entrant Assistance programs. During fiscal year 2024, the Department spent about $77.9 million in federal program funding, more than $55.9 million of which it passed through to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. The prior finding number was 2023-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor any of its 56 program subrecipients to ensure compliance with federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
In response to the prior audit finding, ORIA program management implemented procedures for determining program subrecipients, however these changes did not take effect until the end of this audit period.
The Department did not accurately identify all program subrecipients to develop a comprehensive monitoring plan and did not ensure subrecipients were correctly identified and monitored for compliance, as required by the Uniform Guidance. In addition, management did not effectively communicate the responsibility for conducting fiscal monitoring of program subrecipients to ORIA staff.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored some of their subrecipients, however, they did not have monitoring reports to provide as evidence. Since the program determined the subrecipients to be low risk, monitoring consisted of a desk review which was documented only on the monitoring screen of the Agency Contracts Database (ACD).
In response to the prior audit 2023-054, ORIA is working with the Division of Finance and Financial Resources (DFFR) to develop and implement effective internal controls and clear written procedures covering program and fiscal subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
To address the significant workload associated with onsite monitoring and the development of monitoring reports, ORIA and DFFR will explore the department’s ability to increase staff resources.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a. Entity’s invoices and documentation (A-19s).
b. Entity’s program or service and financial reports.
c. Surveys or feedback cards from clients.
d. Client complaints.
e. Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f. Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g. If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a. A review of the delivery of program services.
b. Discussions about the subrecipient’s problems and challenges.
c. Follow-up on identified problems from previous visits.
d. Review of faculty/personnel licensing.
e. Review of surveys and inspections performed by outside parties.
f. Interview of staff to determine whether they are familiar with the program.
g. Inspection of the entity’s facilities and operations.
h. Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i. Review of the entity’s monitoring/production reports.
j. Review of any independent limited scope program audits.
k. Verification of performance from outside source (e.g. sub-contractors).
l. Review of the entity’s self-risk assessment survey.
m. Review of internal controls.
n. Review of billing practices.
o. Review of allocation of costs.
p. Review of timesheets or activity reports.
q. Review of financial records.
F. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
3. Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2024-048 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-053
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions. The prior finding number was 2023-053.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 56 subrecipients to ensure they received a single audit, if required. Six of these subrecipients received single audits during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department partially concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored their subrecipients for single audit reports by verifying each subrecipient’s total federal financial assistance through online tax forms. For subrecipients that met the single audit threshold, ORIA either received the single audit report from the subrecipient or pulled a copy from the single audit online database. However, the Department did not issue management decisions.
As part of our corrective action plan for the prior audit finding (2023-053), ORIA is working with the Department’s Division of Finance and Financial Resources (DFFR) to establish and implement effective internal controls and written procedures to ensure ORIA reviews audit reports for their subrecipients and issue written management decisions, as required.
ORIA and DFFR will review all SFY24 completed single audit reports, and for any findings that pertain only to the federal award provided to the subrecipient, ORIA will issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings and monitor the subrecipient’s corrective actions through completion.
Auditor’s Remarks
In response to our audit request for internal controls, the Department asserted in writing that its monitoring of single audits of subrecipients during the audit period were not completed during state fiscal year 2024 and that it had no records for us to test to demonstrate monitoring occurred. It further stated that management hopes to demonstrate compliance beginning in state fiscal year 2025.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-049 The Department of Commerce improperly charged $492,317 to earmarking requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WAE5C6; 2101WALIEA
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $492,317
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to meet the following earmark requirements:
• No more than 10% of a state’s LIHEAP funds may be used for planning and administrative costs
• No more than 15% of LIHEAP funds may be used for low-cost residential weatherization or other energy-related home repairs
• No more than 5% of LIHEAP funds may be used to provide services that encourage and enable households to reduce their home energy needs and therefore their need for energy assistance
To ensure the Department meets the earmark requirements, when a new award is received, staff create an allocation model to calculate the maximum allowable earmarking amounts. Each award is given unique project codes in the accounting system to track expenditures against the earmark amounts.
Description of Condition
The Department of Commerce improperly charged $492,317 to earmarking requirements for LIHEAP.
We found the Department had procedures to track earmarking requirements and had adequate internal controls to ensure material compliance.
During fiscal year 2024, there were two awards that were required to meet the earmark limits. We found both awards overspent the 15% weatherization earmark as follows:
• For award 2101WAE5C6, the Department overspent the amount by $287,998.
• For award 2101WALIEA, the Department overspent the amount by $204,319.
The total questioned cost amount is $492,317.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the questioned costs exceeded that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When completing the allocation model to determine earmarking amounts, the Department initially allocated 15% of the total award funds to weatherization. However, staff allocated additional subrecipient administrative funds to the initial allocated amount, bringing the weatherization total beyond the allowed earmark. Staff identified this error, but the Department had already obligated funds to subrecipients from this allocation and chose not to correct the subaward amounts.
Effect of Condition and Questioned Costs
We identified $492,317 in questioned costs on activities that exceeded the weatherization earmark amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department consult with the federal grantor to discuss whether it should repay the questioned costs identified in the audit.
Department’s Response
The Department appreciates the detailed audit of the earmarking process in use by the Low Income Home Energy Assistance Program (LIHEAP). Following receipt of the audit recommendations, budget and Internal Controls Office staff reviewed the total expenditures used to calculate the questioned costs and determined the amounts reported were accurate. Program staff will seek guidance from the Department of Health and Human Services (HHS) Office of Community Services (OCS) regarding the questioned costs.
To ensure accuracy and compliance of current and future awards, LIHEAP program staff are currently collaborating with budget staff to work towards alignment between divisions with federal requirements. This includes a thorough review of financial records, detailed reconciliations, and adjustments to budgeting procedures to prevent future occurrences.
Moving forward, the Department will implement enhanced internal controls and monitoring processes to ensure accurate budgeting and reporting of earmarked funds. We are committed to maintaining compliance with federal requirements and demonstrating our accountability in managing public funds.
The Department will provide the results of the consultation of HHS during the next scheduled LIHEAP audit or audit follow-up.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 CFR Part 75.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards establishes definitions for questioned costs. Part 75.410 establishes requirements for the collection of unallowable costs.
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 United States Code, Section 8624(k), Limitations on use of funds; waiver, establishes that no more than 15% may be used by the State for low-cost residential weatherization or other energy-related home repair for low-income households.
2024-050 The Department of Commerce did not have adequate internal controls over and did not comply with period of performance requirements for the Low-Income Home Energy Assistance program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA, 2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $4,409,760
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families (ACF), administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to obligate at least 90% of the LIHEAP block grant funds in the first federal fiscal year in which they are awarded. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report to the grantor the amount it intends to carry over and reallot. The Department may carry over up to 10% of the funds payable for obligation no later than the end of the following federal fiscal year. Funds not obligated by the end of the second fiscal year of the award must be returned to ACF. The limits on the period for the expenditure of funds are communicated to award recipients.
LIHEAP awards typically have a two-year project period when the Department may obligate funds to subrecipients through subawards and incur administrative costs to execute the award. The subawards define the period of performance for subrecipients to spend these funds. Departmental administrative costs are considered obligated when the expenditure activity occurs. As such, the period of performance for administrative costs aligns with the project period start and end date. If the Department requires more than one year from the project period end date to liquidate allowable costs, it is required to notify the Grantor.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for LIHEAP.
Obligations
During state fiscal year 2024, the Department was required to obligate 90% of funds for the federal fiscal year 2023 award. This amount is reported on the Carryover and Reallotment Report. The Department was unable to provide documentation to support the amount of funds it obligated in the first year of the award. This issue is referenced in finding 2024-051.
Expenditures
During state fiscal year 2024, there were five awards with project end dates. We judgmentally selected and examined 21 expenditures charged to these awards. We found:
• Four (19%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Three (14%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these seven expenditures are $1,010,249.
In addition, we analyzed expenditures charged to the awards in the accounting system and identified $1,346,137 of administrative activities that occurred after the period of performance.
Liquidations
There were two awards with liquidation periods ending during state fiscal year 2024. We judgmentally selected and examined eight expenditures the Department charged to grants that were liquidating funds during the audit period. We found:
• Three (38%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Two (25%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these five expenditures are $1,916,227
In addition, we analyzed expenditures charged to the awards and identified $137,148 of administrative activities that occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department misinterpreted the federal regulations, which led management to believe it was compliant with period of performance requirements.
Further, the Department did not provide us with all the documentation to demonstrate that the Department incurred the charges we examined during the period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds within the period of performance.
We identified $1,483,285 in known questioned costs for expenditures that occurred outside of the period of performance. We also identified $2,926,476 in known questioned costs for expenditures that did not have adequate support to determine if they were within the period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure it complies with period of performance requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department agrees with the internal control weaknesses identified in the report. However, for the contract periods included in this audit we were operating off of guidance received by the United State Department of Health and Human Services (HHS) in 2022. Directly following notification of this deficiency for this audit, we reached out to HHS to clarify the closeout year requirements. In December 2024 we received updated guidance on how to apply the closeout year to current awards.
Beginning with the 2024 program year (October 1, 2023), all subrecipient contracts were issued with a two-year period of performance, which will eliminate new expenses being added to the closeout year. This ensures that all LIHEAP awards will be managed within a consistent two-year period of performance, which aligns with the updated HHS guidance. All future LIHEAP awards will follow the same period of performance principle.
The Department will engage with the HHS to determine the appropriate next steps on how to handle the questioned costs.
The Department is committed to addressing the internal control weaknesses identified in the audit and will continue to strengthen its processes to ensure ongoing compliance with period of performance requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 45 CFR Part 96, section 81, Carryover and reallotment, establishes the procedures relating to carryover and reallotment of regular LIHEAP block grant funds
ACF Supplemental Terms and Conditions, LIHEAP, effective October 1, 2021, states in part:
9. Obligation Deadline:
a. The two-year funding (project) period for this award is concurrent with the obligation period: from the first day of the FFY for which these funds were awarded through the last day of the following FFY. (i.e., October 1, FFY 1 through September 30, FFY 2.) A maximum of 10 percent of the federal funds awarded under this grant may be held available for obligation in the FFY 2 of the project period. If more than 10 percent of a recipient's federal funds remains unobligated at the end of the FFY in which they were allotted, those excess funds must be returned to HHS and are subject to reallotment among all recipients in the next fiscal year. Any federal funds not obligated by the end of the two-year obligation period will be recouped by the Department.
b. Federal funds awarded under this grant must be expended for the purposes for which they were awarded and in payment for obligations made within the time period allotted.
10. Liquidation:
All properly obligated federal funds awarded under this grant must be liquidated in accordance with the recipient’s own fiscal control and funds control procedures. If the recipient requires more than 1 year from the project period end date to liquidate allowable costs, it shall notify the Grants Management Officer identified on its latest Notice of Award. The notification shall include the reason for the delay and the anticipated timeframe for liquidation. Any federal funds from this award not liquidated by the date required under the recipient’s own fiscal control procedures, which may not exceed five years following the fiscal year of award, will be recouped by this Department.
ACF-OCS-LIHEAP-IM-2024-04 LIHEAP Obligations, Expenditures, and Refunds, states in part:
Federal appropriations accounting law at 31 U.S.C. § 1502(a) states that the balance of an appropriation or fund limited for obligation to a definite period is available only for payment of expenses properly incurred during the period of availability or to complete contracts properly made within that period of availability. Grant recipients may not incur new expenditures beyond the period of performance unless necessary to liquidate obligations made during the period of performance under active agreements or subawards with partnering agencies. Grant recipients must liquidate obligations according to the same rules, including the timeframe, required of its own non-federal funding.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-051 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2301WALIEA; 2301WALIEE; 2301WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The LIHEAP Carryover and Reallotment Report is used to indicate the amount expected to be carried forward for obligation in the following fiscal year and the planned use of those funds. The federal grantor specified there were two key lines items on the report that contained critical information: the carryover amount and the reallotment amount
In the first federal fiscal year after a grant is awarded, the Department must obligate at least 90% of the LIHEAP block grant funds. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report the amount it intends to carry over and reallot. The Department must submit this report by August 1, indicating the amount it expects to carry forward for obligation in the following fiscal year and its planned use of those funds.
To complete this report, the Department’s budget unit staff is responsible for reviewing the support and compiling the reported amounts. They are also responsible for completing, reviewing, and approving the report. Program staff are responsible for submitting the report.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP.
The Department reported that there were no funds for reallotment and there was $6,033,389 for carryover from the fiscal year 2023 award. The Department created a spreadsheet with manual inputs to calculate the carryover amount. However, the Department was unable to provide the source documentation to support the amounts on the spreadsheet. As a result, the Department was unable to demonstrate that this reported amount was accurate.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department stated they experienced turnover with key staff responsible for preparing the report. Specifically, the budget staff who had prepared the report in past years left the Department. Instead of budget staff preparing and submitting the report, the program manager, who is not normally involved in this process, was tasked with completing and submitting this report without adequate guidance or oversight by management. The Department stated the staffing changes, combined with duties not being assigned, led to process changes from previous years which resulted in the deficiencies identified.
The Department also did not have written policies or procedures on how to prepare, review and submit this report.
Effect of Condition
Since the Department did not retain supporting documentation and source data for the reports, we were unable to verify whether the amounts the Department reported to the federal grantor were accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the report is accurate
• Ensure management reviews reports before submission
• Establish written policies and procedures on how to complete the report
• Retain adequate supporting documentation for the report
• Consult with the federal grantor to determine if it should revise and resubmit the report
Department’s Response
The Department agrees with this finding, and is taking the following actions in response:
• Developing procedural documents that articulate roles and responsibilities, and documentation retention requirements.
• Escalation processes that support resolution of any discrepancies in data.
• Implementing a recurring reconciliation processes to find and adjust errors as necessary.
• Updating agency policy to reflect uniform standards that are consistent with a singular interpretation of federal guidance.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-052 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it executed the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The Department has two units – energy assistance and weatherization – that administer two different program activities. Each unit is responsible for complying with this reporting requirement and have similar processes for completing the reports. When a new or amended subaward is executed, program staff enter its information into the Department’s Contract Management System (CMS). Program staff use the information in the CMS to complete the report. There were a total of 115 awards and amendments that the Department was required to report in fiscal year 2024, totaling $102,300,556.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
During the audit period, the Department was required to report 115 new and amended subawards totaling about $102 million in program funds. We used a nonstatistical sampling method to randomly select and examine 17 out of the total population of 115 subawards. We found that:
• The Department did not report three out of 17 (18%) subawards in FSRS. The Department asserted it submitted the subawards included in one Federal Funding Accountability and Transparency Act report, but did not retain a copy of the report and was unable to retrieve it from FSRS. We attempted to locate these three subawards at USAspending.gov to verify submission but were unable to do so.
• One out of 17 (6%) subawards reported an incorrect subaward amount
• Two out of 17 (12%) subawards reported the incorrect subrecipient name and unique entity identifier
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate processes in place to ensure it reported the correct information and retained documentation for audit purposes.
For the three subawards not retained, Department management said another staff member submitted this report instead of the program manager. This person no longer works at the Department and the program manager does not have access to their FSRS account.
For the three subawards with incorrect information, internal controls were insufficient to ensure the Department correctly entered the information into the CMS.
Effect of Condition
Failing to properly submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines
• Ensure it retains copies of completed reports after submitting
• Ensure it correctly enters subaward details into the CMS
Department’s Response
Commerce concurs with the finding and will work with budget staff to ensure that Notice of Funding Available (NOFA) information is entered into CMS accurately when it is received.
Program staff enter dollar amounts for contracts and amendments into CMS and budget staff enter the Federal Awards information from the NOFA into CMS. Department staff will look into this process and evaluate updating the data entry process to eliminate the possibility of errors in the entry process.
The FFATA Sub Reporting System (FSRS) does not allow users to review reports that were submitted by other users without the request of account migration. The reports could not be provided due to this restriction of the system. The FSRS system is currently being removed and updated to a different site. In the meantime, Department staff will request account migration of previous users to gain access to previously submitted reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligatory action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-053 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Finding 2023-055
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy services. The Grant Recipient Survey obligation amounts should be compared with the Carryover and Reallotment and SF-425 reports. This reconciliation is needed to ensure the obligated balances for the program year being tested are accurate.
The key line items include:
• “Uses of Funds” represent a state’s obligation of federal LIHEAP funds, not expenditure of federal LIHEAP funds. In some cases, obligated funds are not actually expended until after the end of the federal fiscal year.
• The total “Uses of Funds” (shown in Item 45 of Section IV) should equal the total “Sources of Funds” (shown in Item 16 of Section III).
• “Other LIHEAP assistance” would include federal LIHEAP funds used to provide “other crisis assistance,” such as furnace or air conditioner repairs or replacements.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
The Quarterly Performance and Management Report requires the Department to report aggregated data on total households assisted, performance management metrics and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
The Department maintains a LIHEAP database that stores recipient information used to complete many sections of these reports. Department staff rely on reports with preset criteria from this database to pull necessary information.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP. The prior finding numbers were 2023-055, 2022-039 and 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
To ensure the data pulled from the LIHEAP database is accurate and complete, we reviewed the stored procedures for generating the reports. We found that there were errors in the logic that caused these reports to not capture the correct program data that should have been reported to the federal grantor.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2023. In addition, we reviewed the four Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
We identified the following discrepancies:
LIHEAP Performance Data Form
In Module 1 Estimated Uses of LIHEAP Funds, 15 of the 21 fields had discrepancies:
• Eight of 21 (38%) fields were inaccurate. The range of variance on what was reported and what was supported was between -$5,699,151 and $96,661.
• The Department was unable to provide support for seven of 21 (33%) fields
Furthermore, we found a discrepancy of $1,945,675 between the total source of funds in section III and the total use of funds in section IV where these amounts should match.
Lastly, the amount reported for obligations on the Performance Data Form did not reconcile to the amounts reported on both the Carryover and Reallotment and the SF-425 reports. The Department reported $99,468,214 in total obligations on the Performance Data Form and $101,962,464 on the Carryover and Reallotment and SF-425 reports for a difference of $2,494,250.
Annual Report on Households Assisted by LIHEAP
• Ten of 14 (71%) fields we examined were inaccurate.
• The differences in the amounts reported and data from the LIHEAP database were between 6322 households underreported to 35 households overreported.
Quarterly Performance and Management Report
• Sections 1, Total Households Assisted and 2, Performance Management:
o For 2023 Q3 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between 103 to 3924 households underreported.
o For 2023 Q4 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between one to 451 households underreported.
• Section 3, Estimated Uses of Funds:
o For the 2023 Q3 & Q4 reports there was a difference of -$7,286,259 in the reported amount of funds obligated with the amount in documentation provided.
o For the 2024 Q1 & Q2 reports there was a difference of -$8,528,492 in the reported amount of funds obligated with the amount in documentation provided.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
For all three reports, there were errors in the logic used to pull data from the LIHEAP Database that caused sections of these reports to contain inaccurate data. The Department did not detect these errors before the audit. In addition, management did not ensure they properly reviewed and approved these reports before the Department submitted them.
In response to the prior year finding, the Department began to retain source documentation used at the time of completing these reports. However, for the Quarterly Performance Management Report, the Department had already completed two of the quarterly reports before implementing this new process. Therefore, current data from the LIHEAP database was used to test these two quarters and since this is real-time data that can change over time without the ability to track changes, the data used to verify the reported amounts has changed since the time of report submission.
Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not establishing proper logic to pull data from the LIHEAP database, the Department cannot ensure the amounts reported to the federal grantor were complete and accurate.
Additionally, by not retaining supporting documentation and source data for the Quarterly Performance Management Report, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Finally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Establish effective internal controls to ensure that the LIHEAP Database reports are accurate and complete
• Ensure management reviews reports before submission
• Ensure it retains supporting documentation and real-time data used to prepare the reports
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
We concur with the audit finding and are committed to implementing corrective actions to address the identified discrepancies. Program staff will work with the Financial Services Division (FSD) staff to enhance internal controls and ensure accurate reporting by requiring that all sections completed by budget staff be reviewed and approved by the Budget Manager for completeness and accuracy prior to submission to the program for entry into the Federal Reporting System. Additionally, budget and accounting staff and managers will ensure Module 1 of the LIHEAP Performance Data Form reconciles to the amounts reported on both the Carryover and Reallotment, and the SF-425 reports to prevent reporting inconsistencies.
As a result of the deficiencies identified, information technology (IT) staff conducted a thorough review of the LIHEAP Admin Report 706 – LIHEAP AT 2024 HHR Long Form FY 24 and identified errors affecting data accuracy. System updates were implemented to correct these issues and ensure alignment with the federal reporting guidelines. IT staff will continue to monitor and refine data processes to improve accuracy and consistency. These efforts will ensure that LIHEAP reports remain complete, accurate, and compliant with federal reporting requirements.
It is important to note that quarterly reports are point-in-time counts and can change throughout the program year. The inaccuracies in the quarterly reports were due to the omission of LIHEAP Weatherization obligations. Following guidance from the U.S. Department of Health and Human Services program staff will include LIHEAP-Weatherization obligations for all future reporting.
To better explain some of the deficiencies reported, the period of performance audited is the state fiscal year which presents challenges in immediately implementing corrective actions. Each SAO audit covers two overlapping federal award periods which restricts our ability to make required changes until the next program cycle, as contracts and NOFA information are already executed when findings are issued. Despite this, the program is committed to integrating necessary corrections at the start of each new program year to improve the accuracy and completeness of LIHEAP reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2023
• Instructions for the LIHEAP Household Report for FFY 2023 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-054 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program are clearly identified as subawards.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, 2023-056
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85% of LIHEAP funds go to the energy assistance program, with no more than 15% allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. The contract unit creates and maintains contract and subaward templates that programs use to draft contracts and subawards but is not involved in reviewing these subawards for compliance prior to execution. LIHEAP program management prepare and review subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP contained the federal award identification elements. The prior finding number was 2023-056.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP are clearly identified as subawards.
During the audit period, the Department executed 63 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a nonstatistical sampling method to randomly select and examine 12 out of a total population of 63.
We found that seven subawards (58%) for energy assistance did not clearly identify the subaward as such to the subrecipient. On the face sheet of these subawards there are boxes to identify if the agreement is for a subrecipient or contract. For these seven awards, the Department identified it was for a contractor instead of a subrecipient even though the fields on the face sheet use the term “grantee.” In addition, for these seven agreements, the page following the face sheet in the agreement is a sheet titled "Contract Information Sheet." This sheet refers to the subrecipient as a contractor and continues to use the terms contract and contractor throughout the remainder of the agreement.
All seven of the agreements are also titled as “Federal Client Service Contract.” Washington state law has specific guidance and requirements related to client service contracts that are not consistent with requirements for subawards.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The program manager for energy assistance believed these award recipients to be contractors instead of subrecipients. In addition, the contract and subaward templates created by the contract unit at the Department use consistent language throughout, but the program manager edited the templates, resulting in inconsistent language.
Effect of Condition
By not correctly identifying the award as a subaward, the Department cannot ensure the subrecipient will comply with federal subrecipient requirements.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure subawards are clearly identified as such to subrecipients. In addition, we recommend the Department consider incorporating the contracts unit when reviewing draft contracts and subawards.
Department’s Response
The Department acknowledges the SAO finding but clarifies that the terminology used in subawards was not the result of a program manager’s independent modifications, the term “contractor” is included in Department contracts to refer to the entity the Department is contracting with, it was not used to designate the federal recipient type. Department templates used for subrecipient awards have been updated to include a designation of contractor or subrecipient.
For all future contracts, the LIHEAP program will ensure the applicable contract templates are used to include the federal recipient type and all of the requirements for pass through entities.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. …
Title 45 CFR Part 75, section 2, Definitions, state, in part:
These are the definitions for terms used in this part. Different definitions may be found in Federal statutes or regulations that apply more specifically to particular program or activities. These definitions could be supplemented by additional instructional information provided in in governmentwide standard information collections.
Contract means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward (see Subaward).
Contractor means an entity that receives a contract as defined in Contract.
Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass-through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass-through entity considers a contract.
Subrecipient means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 39 Revised Code of Washington, Chapter 39.26, Procurement of Goods and Services, contains guidance on the procurement of goods and services, including for client service contracts.
2024-055 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Low Income Home Energy Assistance program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The subrecipients included on this list are provided to the Internal Control Office by program staff.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the LIHEAP received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit period, the spreadsheet used to monitor compliance with these requirements included seven LIHEAP subrecipients. By reviewing prior year LIHEAP expenditures, we determined there were 33 LIHEAP subrecipients that may have been required to receive a single audit. We requested the Department verify this number, but did not receive a confirmation. As a result, we concluded the Department did not properly track 26 out of these 33 subrecipients to review the subrecipients’ audits for program-funded findings and completion of required management decisions, if applicable.
In addition, we found one subrecipient received a LIHEAP finding requiring a management decision letter. This subrecipient was not tracked on the spreadsheet and no letter was issued by the end of the audit period, 14 months after the report was accepted into the Federal Audit Clearinghouse.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Internal Control Office staff responsible for ensuring compliance received a list of subrecipients from program staff, but did not verify that the list was complete. Therefore, the list provided by program staff was tracked, but not the remaining subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients received single audits when they were required. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to
determine if any additional subrecipients are required to take corrective action to address
audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients
and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address
all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department appreciates the review of the single audit verification process but respectfully disagrees with information reported in the finding. The Internal Controls Office (ICO) implemented strong internal controls in 2022 to monitor and verify single audit reporting. This is supported by fiscal year 2023 opinions issued which found no deficiencies. During the current audit the auditor in charge changed three times leading to issues in understanding of the monitoring process. Additionally, a total of eight subrecipients were selected for testing of management decisions, however, seven of those selected were drawn inaccurately and not applicable for testing at Commerce.
The process to identify, review, verify and document subrecipients who meet the federal single audit reporting requirements in comprehensive but relies on information provided from internal programs. ICO staff generate a Contracts Management System (CMS) report, an Agency Financial Reporting System (AFRS) report to identify federally funded subrecipients then confirm then with program staff. The process largely relies on our program partners to confirm their list of subrecipients.
As referenced in the current year LIHEAP finding for subrecipient monitoring subaward language, most of the subrecipients were identified as contractors who are exempt from federal reporting resulting in the ICO receiving an incomplete list of subrecipients to verify. A total of eight LIHEAP recipients were verified as they received funding and were confirmed as subrecipients of other programs. After receiving the updated list of subrecipients in October 2024, ICO staff verified all but three, of those, two did not meet the reporting threshold and one report we are requesting to obtain from the entity. The Department acknowledges internal controls need to be strengthened in the determination of recipient type.
As a result of staffing shortages, the management decision letter tested was not issued within the six month requirement. We have worked on addressing the staffing shortages and will continue to strengthen controls and compliance when deficiencies are identified.
Auditor’s Remarks
The original testing selections sent to the Department did include seven Department subrecipients that did not have findings related to the LIHEAP program, but these were removed from the testing population once this was identified during the normal audit process and they were not included in our reported results.
We appreciate the Department acknowledges that it did not monitor the single audit requirement for all LIHEAP subrecipients during the audit period and that the only subrecipient with a LIHEAP finding did not receive a management decision letter. We also appreciate the Department’s commitment to strengthening its control processes to ensure it has a full population of subrecipients that are required to be monitored for compliance.
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-049 The Department of Commerce improperly charged $492,317 to earmarking requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WAE5C6; 2101WALIEA
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $492,317
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to meet the following earmark requirements:
• No more than 10% of a state’s LIHEAP funds may be used for planning and administrative costs
• No more than 15% of LIHEAP funds may be used for low-cost residential weatherization or other energy-related home repairs
• No more than 5% of LIHEAP funds may be used to provide services that encourage and enable households to reduce their home energy needs and therefore their need for energy assistance
To ensure the Department meets the earmark requirements, when a new award is received, staff create an allocation model to calculate the maximum allowable earmarking amounts. Each award is given unique project codes in the accounting system to track expenditures against the earmark amounts.
Description of Condition
The Department of Commerce improperly charged $492,317 to earmarking requirements for LIHEAP.
We found the Department had procedures to track earmarking requirements and had adequate internal controls to ensure material compliance.
During fiscal year 2024, there were two awards that were required to meet the earmark limits. We found both awards overspent the 15% weatherization earmark as follows:
• For award 2101WAE5C6, the Department overspent the amount by $287,998.
• For award 2101WALIEA, the Department overspent the amount by $204,319.
The total questioned cost amount is $492,317.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the questioned costs exceeded that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When completing the allocation model to determine earmarking amounts, the Department initially allocated 15% of the total award funds to weatherization. However, staff allocated additional subrecipient administrative funds to the initial allocated amount, bringing the weatherization total beyond the allowed earmark. Staff identified this error, but the Department had already obligated funds to subrecipients from this allocation and chose not to correct the subaward amounts.
Effect of Condition and Questioned Costs
We identified $492,317 in questioned costs on activities that exceeded the weatherization earmark amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department consult with the federal grantor to discuss whether it should repay the questioned costs identified in the audit.
Department’s Response
The Department appreciates the detailed audit of the earmarking process in use by the Low Income Home Energy Assistance Program (LIHEAP). Following receipt of the audit recommendations, budget and Internal Controls Office staff reviewed the total expenditures used to calculate the questioned costs and determined the amounts reported were accurate. Program staff will seek guidance from the Department of Health and Human Services (HHS) Office of Community Services (OCS) regarding the questioned costs.
To ensure accuracy and compliance of current and future awards, LIHEAP program staff are currently collaborating with budget staff to work towards alignment between divisions with federal requirements. This includes a thorough review of financial records, detailed reconciliations, and adjustments to budgeting procedures to prevent future occurrences.
Moving forward, the Department will implement enhanced internal controls and monitoring processes to ensure accurate budgeting and reporting of earmarked funds. We are committed to maintaining compliance with federal requirements and demonstrating our accountability in managing public funds.
The Department will provide the results of the consultation of HHS during the next scheduled LIHEAP audit or audit follow-up.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 CFR Part 75.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards establishes definitions for questioned costs. Part 75.410 establishes requirements for the collection of unallowable costs.
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 United States Code, Section 8624(k), Limitations on use of funds; waiver, establishes that no more than 15% may be used by the State for low-cost residential weatherization or other energy-related home repair for low-income households.
2024-050 The Department of Commerce did not have adequate internal controls over and did not comply with period of performance requirements for the Low-Income Home Energy Assistance program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA, 2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $4,409,760
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families (ACF), administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to obligate at least 90% of the LIHEAP block grant funds in the first federal fiscal year in which they are awarded. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report to the grantor the amount it intends to carry over and reallot. The Department may carry over up to 10% of the funds payable for obligation no later than the end of the following federal fiscal year. Funds not obligated by the end of the second fiscal year of the award must be returned to ACF. The limits on the period for the expenditure of funds are communicated to award recipients.
LIHEAP awards typically have a two-year project period when the Department may obligate funds to subrecipients through subawards and incur administrative costs to execute the award. The subawards define the period of performance for subrecipients to spend these funds. Departmental administrative costs are considered obligated when the expenditure activity occurs. As such, the period of performance for administrative costs aligns with the project period start and end date. If the Department requires more than one year from the project period end date to liquidate allowable costs, it is required to notify the Grantor.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for LIHEAP.
Obligations
During state fiscal year 2024, the Department was required to obligate 90% of funds for the federal fiscal year 2023 award. This amount is reported on the Carryover and Reallotment Report. The Department was unable to provide documentation to support the amount of funds it obligated in the first year of the award. This issue is referenced in finding 2024-051.
Expenditures
During state fiscal year 2024, there were five awards with project end dates. We judgmentally selected and examined 21 expenditures charged to these awards. We found:
• Four (19%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Three (14%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these seven expenditures are $1,010,249.
In addition, we analyzed expenditures charged to the awards in the accounting system and identified $1,346,137 of administrative activities that occurred after the period of performance.
Liquidations
There were two awards with liquidation periods ending during state fiscal year 2024. We judgmentally selected and examined eight expenditures the Department charged to grants that were liquidating funds during the audit period. We found:
• Three (38%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Two (25%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these five expenditures are $1,916,227
In addition, we analyzed expenditures charged to the awards and identified $137,148 of administrative activities that occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department misinterpreted the federal regulations, which led management to believe it was compliant with period of performance requirements.
Further, the Department did not provide us with all the documentation to demonstrate that the Department incurred the charges we examined during the period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds within the period of performance.
We identified $1,483,285 in known questioned costs for expenditures that occurred outside of the period of performance. We also identified $2,926,476 in known questioned costs for expenditures that did not have adequate support to determine if they were within the period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure it complies with period of performance requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department agrees with the internal control weaknesses identified in the report. However, for the contract periods included in this audit we were operating off of guidance received by the United State Department of Health and Human Services (HHS) in 2022. Directly following notification of this deficiency for this audit, we reached out to HHS to clarify the closeout year requirements. In December 2024 we received updated guidance on how to apply the closeout year to current awards.
Beginning with the 2024 program year (October 1, 2023), all subrecipient contracts were issued with a two-year period of performance, which will eliminate new expenses being added to the closeout year. This ensures that all LIHEAP awards will be managed within a consistent two-year period of performance, which aligns with the updated HHS guidance. All future LIHEAP awards will follow the same period of performance principle.
The Department will engage with the HHS to determine the appropriate next steps on how to handle the questioned costs.
The Department is committed to addressing the internal control weaknesses identified in the audit and will continue to strengthen its processes to ensure ongoing compliance with period of performance requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 45 CFR Part 96, section 81, Carryover and reallotment, establishes the procedures relating to carryover and reallotment of regular LIHEAP block grant funds
ACF Supplemental Terms and Conditions, LIHEAP, effective October 1, 2021, states in part:
9. Obligation Deadline:
a. The two-year funding (project) period for this award is concurrent with the obligation period: from the first day of the FFY for which these funds were awarded through the last day of the following FFY. (i.e., October 1, FFY 1 through September 30, FFY 2.) A maximum of 10 percent of the federal funds awarded under this grant may be held available for obligation in the FFY 2 of the project period. If more than 10 percent of a recipient's federal funds remains unobligated at the end of the FFY in which they were allotted, those excess funds must be returned to HHS and are subject to reallotment among all recipients in the next fiscal year. Any federal funds not obligated by the end of the two-year obligation period will be recouped by the Department.
b. Federal funds awarded under this grant must be expended for the purposes for which they were awarded and in payment for obligations made within the time period allotted.
10. Liquidation:
All properly obligated federal funds awarded under this grant must be liquidated in accordance with the recipient’s own fiscal control and funds control procedures. If the recipient requires more than 1 year from the project period end date to liquidate allowable costs, it shall notify the Grants Management Officer identified on its latest Notice of Award. The notification shall include the reason for the delay and the anticipated timeframe for liquidation. Any federal funds from this award not liquidated by the date required under the recipient’s own fiscal control procedures, which may not exceed five years following the fiscal year of award, will be recouped by this Department.
ACF-OCS-LIHEAP-IM-2024-04 LIHEAP Obligations, Expenditures, and Refunds, states in part:
Federal appropriations accounting law at 31 U.S.C. § 1502(a) states that the balance of an appropriation or fund limited for obligation to a definite period is available only for payment of expenses properly incurred during the period of availability or to complete contracts properly made within that period of availability. Grant recipients may not incur new expenditures beyond the period of performance unless necessary to liquidate obligations made during the period of performance under active agreements or subawards with partnering agencies. Grant recipients must liquidate obligations according to the same rules, including the timeframe, required of its own non-federal funding.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-051 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2301WALIEA; 2301WALIEE; 2301WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The LIHEAP Carryover and Reallotment Report is used to indicate the amount expected to be carried forward for obligation in the following fiscal year and the planned use of those funds. The federal grantor specified there were two key lines items on the report that contained critical information: the carryover amount and the reallotment amount
In the first federal fiscal year after a grant is awarded, the Department must obligate at least 90% of the LIHEAP block grant funds. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report the amount it intends to carry over and reallot. The Department must submit this report by August 1, indicating the amount it expects to carry forward for obligation in the following fiscal year and its planned use of those funds.
To complete this report, the Department’s budget unit staff is responsible for reviewing the support and compiling the reported amounts. They are also responsible for completing, reviewing, and approving the report. Program staff are responsible for submitting the report.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP.
The Department reported that there were no funds for reallotment and there was $6,033,389 for carryover from the fiscal year 2023 award. The Department created a spreadsheet with manual inputs to calculate the carryover amount. However, the Department was unable to provide the source documentation to support the amounts on the spreadsheet. As a result, the Department was unable to demonstrate that this reported amount was accurate.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department stated they experienced turnover with key staff responsible for preparing the report. Specifically, the budget staff who had prepared the report in past years left the Department. Instead of budget staff preparing and submitting the report, the program manager, who is not normally involved in this process, was tasked with completing and submitting this report without adequate guidance or oversight by management. The Department stated the staffing changes, combined with duties not being assigned, led to process changes from previous years which resulted in the deficiencies identified.
The Department also did not have written policies or procedures on how to prepare, review and submit this report.
Effect of Condition
Since the Department did not retain supporting documentation and source data for the reports, we were unable to verify whether the amounts the Department reported to the federal grantor were accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the report is accurate
• Ensure management reviews reports before submission
• Establish written policies and procedures on how to complete the report
• Retain adequate supporting documentation for the report
• Consult with the federal grantor to determine if it should revise and resubmit the report
Department’s Response
The Department agrees with this finding, and is taking the following actions in response:
• Developing procedural documents that articulate roles and responsibilities, and documentation retention requirements.
• Escalation processes that support resolution of any discrepancies in data.
• Implementing a recurring reconciliation processes to find and adjust errors as necessary.
• Updating agency policy to reflect uniform standards that are consistent with a singular interpretation of federal guidance.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-052 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it executed the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The Department has two units – energy assistance and weatherization – that administer two different program activities. Each unit is responsible for complying with this reporting requirement and have similar processes for completing the reports. When a new or amended subaward is executed, program staff enter its information into the Department’s Contract Management System (CMS). Program staff use the information in the CMS to complete the report. There were a total of 115 awards and amendments that the Department was required to report in fiscal year 2024, totaling $102,300,556.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
During the audit period, the Department was required to report 115 new and amended subawards totaling about $102 million in program funds. We used a nonstatistical sampling method to randomly select and examine 17 out of the total population of 115 subawards. We found that:
• The Department did not report three out of 17 (18%) subawards in FSRS. The Department asserted it submitted the subawards included in one Federal Funding Accountability and Transparency Act report, but did not retain a copy of the report and was unable to retrieve it from FSRS. We attempted to locate these three subawards at USAspending.gov to verify submission but were unable to do so.
• One out of 17 (6%) subawards reported an incorrect subaward amount
• Two out of 17 (12%) subawards reported the incorrect subrecipient name and unique entity identifier
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate processes in place to ensure it reported the correct information and retained documentation for audit purposes.
For the three subawards not retained, Department management said another staff member submitted this report instead of the program manager. This person no longer works at the Department and the program manager does not have access to their FSRS account.
For the three subawards with incorrect information, internal controls were insufficient to ensure the Department correctly entered the information into the CMS.
Effect of Condition
Failing to properly submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines
• Ensure it retains copies of completed reports after submitting
• Ensure it correctly enters subaward details into the CMS
Department’s Response
Commerce concurs with the finding and will work with budget staff to ensure that Notice of Funding Available (NOFA) information is entered into CMS accurately when it is received.
Program staff enter dollar amounts for contracts and amendments into CMS and budget staff enter the Federal Awards information from the NOFA into CMS. Department staff will look into this process and evaluate updating the data entry process to eliminate the possibility of errors in the entry process.
The FFATA Sub Reporting System (FSRS) does not allow users to review reports that were submitted by other users without the request of account migration. The reports could not be provided due to this restriction of the system. The FSRS system is currently being removed and updated to a different site. In the meantime, Department staff will request account migration of previous users to gain access to previously submitted reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligatory action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-053 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Finding 2023-055
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy services. The Grant Recipient Survey obligation amounts should be compared with the Carryover and Reallotment and SF-425 reports. This reconciliation is needed to ensure the obligated balances for the program year being tested are accurate.
The key line items include:
• “Uses of Funds” represent a state’s obligation of federal LIHEAP funds, not expenditure of federal LIHEAP funds. In some cases, obligated funds are not actually expended until after the end of the federal fiscal year.
• The total “Uses of Funds” (shown in Item 45 of Section IV) should equal the total “Sources of Funds” (shown in Item 16 of Section III).
• “Other LIHEAP assistance” would include federal LIHEAP funds used to provide “other crisis assistance,” such as furnace or air conditioner repairs or replacements.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
The Quarterly Performance and Management Report requires the Department to report aggregated data on total households assisted, performance management metrics and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
The Department maintains a LIHEAP database that stores recipient information used to complete many sections of these reports. Department staff rely on reports with preset criteria from this database to pull necessary information.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP. The prior finding numbers were 2023-055, 2022-039 and 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
To ensure the data pulled from the LIHEAP database is accurate and complete, we reviewed the stored procedures for generating the reports. We found that there were errors in the logic that caused these reports to not capture the correct program data that should have been reported to the federal grantor.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2023. In addition, we reviewed the four Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
We identified the following discrepancies:
LIHEAP Performance Data Form
In Module 1 Estimated Uses of LIHEAP Funds, 15 of the 21 fields had discrepancies:
• Eight of 21 (38%) fields were inaccurate. The range of variance on what was reported and what was supported was between -$5,699,151 and $96,661.
• The Department was unable to provide support for seven of 21 (33%) fields
Furthermore, we found a discrepancy of $1,945,675 between the total source of funds in section III and the total use of funds in section IV where these amounts should match.
Lastly, the amount reported for obligations on the Performance Data Form did not reconcile to the amounts reported on both the Carryover and Reallotment and the SF-425 reports. The Department reported $99,468,214 in total obligations on the Performance Data Form and $101,962,464 on the Carryover and Reallotment and SF-425 reports for a difference of $2,494,250.
Annual Report on Households Assisted by LIHEAP
• Ten of 14 (71%) fields we examined were inaccurate.
• The differences in the amounts reported and data from the LIHEAP database were between 6322 households underreported to 35 households overreported.
Quarterly Performance and Management Report
• Sections 1, Total Households Assisted and 2, Performance Management:
o For 2023 Q3 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between 103 to 3924 households underreported.
o For 2023 Q4 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between one to 451 households underreported.
• Section 3, Estimated Uses of Funds:
o For the 2023 Q3 & Q4 reports there was a difference of -$7,286,259 in the reported amount of funds obligated with the amount in documentation provided.
o For the 2024 Q1 & Q2 reports there was a difference of -$8,528,492 in the reported amount of funds obligated with the amount in documentation provided.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
For all three reports, there were errors in the logic used to pull data from the LIHEAP Database that caused sections of these reports to contain inaccurate data. The Department did not detect these errors before the audit. In addition, management did not ensure they properly reviewed and approved these reports before the Department submitted them.
In response to the prior year finding, the Department began to retain source documentation used at the time of completing these reports. However, for the Quarterly Performance Management Report, the Department had already completed two of the quarterly reports before implementing this new process. Therefore, current data from the LIHEAP database was used to test these two quarters and since this is real-time data that can change over time without the ability to track changes, the data used to verify the reported amounts has changed since the time of report submission.
Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not establishing proper logic to pull data from the LIHEAP database, the Department cannot ensure the amounts reported to the federal grantor were complete and accurate.
Additionally, by not retaining supporting documentation and source data for the Quarterly Performance Management Report, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Finally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Establish effective internal controls to ensure that the LIHEAP Database reports are accurate and complete
• Ensure management reviews reports before submission
• Ensure it retains supporting documentation and real-time data used to prepare the reports
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
We concur with the audit finding and are committed to implementing corrective actions to address the identified discrepancies. Program staff will work with the Financial Services Division (FSD) staff to enhance internal controls and ensure accurate reporting by requiring that all sections completed by budget staff be reviewed and approved by the Budget Manager for completeness and accuracy prior to submission to the program for entry into the Federal Reporting System. Additionally, budget and accounting staff and managers will ensure Module 1 of the LIHEAP Performance Data Form reconciles to the amounts reported on both the Carryover and Reallotment, and the SF-425 reports to prevent reporting inconsistencies.
As a result of the deficiencies identified, information technology (IT) staff conducted a thorough review of the LIHEAP Admin Report 706 – LIHEAP AT 2024 HHR Long Form FY 24 and identified errors affecting data accuracy. System updates were implemented to correct these issues and ensure alignment with the federal reporting guidelines. IT staff will continue to monitor and refine data processes to improve accuracy and consistency. These efforts will ensure that LIHEAP reports remain complete, accurate, and compliant with federal reporting requirements.
It is important to note that quarterly reports are point-in-time counts and can change throughout the program year. The inaccuracies in the quarterly reports were due to the omission of LIHEAP Weatherization obligations. Following guidance from the U.S. Department of Health and Human Services program staff will include LIHEAP-Weatherization obligations for all future reporting.
To better explain some of the deficiencies reported, the period of performance audited is the state fiscal year which presents challenges in immediately implementing corrective actions. Each SAO audit covers two overlapping federal award periods which restricts our ability to make required changes until the next program cycle, as contracts and NOFA information are already executed when findings are issued. Despite this, the program is committed to integrating necessary corrections at the start of each new program year to improve the accuracy and completeness of LIHEAP reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2023
• Instructions for the LIHEAP Household Report for FFY 2023 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-054 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program are clearly identified as subawards.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, 2023-056
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85% of LIHEAP funds go to the energy assistance program, with no more than 15% allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. The contract unit creates and maintains contract and subaward templates that programs use to draft contracts and subawards but is not involved in reviewing these subawards for compliance prior to execution. LIHEAP program management prepare and review subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP contained the federal award identification elements. The prior finding number was 2023-056.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP are clearly identified as subawards.
During the audit period, the Department executed 63 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a nonstatistical sampling method to randomly select and examine 12 out of a total population of 63.
We found that seven subawards (58%) for energy assistance did not clearly identify the subaward as such to the subrecipient. On the face sheet of these subawards there are boxes to identify if the agreement is for a subrecipient or contract. For these seven awards, the Department identified it was for a contractor instead of a subrecipient even though the fields on the face sheet use the term “grantee.” In addition, for these seven agreements, the page following the face sheet in the agreement is a sheet titled "Contract Information Sheet." This sheet refers to the subrecipient as a contractor and continues to use the terms contract and contractor throughout the remainder of the agreement.
All seven of the agreements are also titled as “Federal Client Service Contract.” Washington state law has specific guidance and requirements related to client service contracts that are not consistent with requirements for subawards.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The program manager for energy assistance believed these award recipients to be contractors instead of subrecipients. In addition, the contract and subaward templates created by the contract unit at the Department use consistent language throughout, but the program manager edited the templates, resulting in inconsistent language.
Effect of Condition
By not correctly identifying the award as a subaward, the Department cannot ensure the subrecipient will comply with federal subrecipient requirements.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure subawards are clearly identified as such to subrecipients. In addition, we recommend the Department consider incorporating the contracts unit when reviewing draft contracts and subawards.
Department’s Response
The Department acknowledges the SAO finding but clarifies that the terminology used in subawards was not the result of a program manager’s independent modifications, the term “contractor” is included in Department contracts to refer to the entity the Department is contracting with, it was not used to designate the federal recipient type. Department templates used for subrecipient awards have been updated to include a designation of contractor or subrecipient.
For all future contracts, the LIHEAP program will ensure the applicable contract templates are used to include the federal recipient type and all of the requirements for pass through entities.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. …
Title 45 CFR Part 75, section 2, Definitions, state, in part:
These are the definitions for terms used in this part. Different definitions may be found in Federal statutes or regulations that apply more specifically to particular program or activities. These definitions could be supplemented by additional instructional information provided in in governmentwide standard information collections.
Contract means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward (see Subaward).
Contractor means an entity that receives a contract as defined in Contract.
Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass-through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass-through entity considers a contract.
Subrecipient means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 39 Revised Code of Washington, Chapter 39.26, Procurement of Goods and Services, contains guidance on the procurement of goods and services, including for client service contracts.
2024-055 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Low Income Home Energy Assistance program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The subrecipients included on this list are provided to the Internal Control Office by program staff.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the LIHEAP received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit period, the spreadsheet used to monitor compliance with these requirements included seven LIHEAP subrecipients. By reviewing prior year LIHEAP expenditures, we determined there were 33 LIHEAP subrecipients that may have been required to receive a single audit. We requested the Department verify this number, but did not receive a confirmation. As a result, we concluded the Department did not properly track 26 out of these 33 subrecipients to review the subrecipients’ audits for program-funded findings and completion of required management decisions, if applicable.
In addition, we found one subrecipient received a LIHEAP finding requiring a management decision letter. This subrecipient was not tracked on the spreadsheet and no letter was issued by the end of the audit period, 14 months after the report was accepted into the Federal Audit Clearinghouse.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Internal Control Office staff responsible for ensuring compliance received a list of subrecipients from program staff, but did not verify that the list was complete. Therefore, the list provided by program staff was tracked, but not the remaining subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients received single audits when they were required. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to
determine if any additional subrecipients are required to take corrective action to address
audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients
and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address
all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department appreciates the review of the single audit verification process but respectfully disagrees with information reported in the finding. The Internal Controls Office (ICO) implemented strong internal controls in 2022 to monitor and verify single audit reporting. This is supported by fiscal year 2023 opinions issued which found no deficiencies. During the current audit the auditor in charge changed three times leading to issues in understanding of the monitoring process. Additionally, a total of eight subrecipients were selected for testing of management decisions, however, seven of those selected were drawn inaccurately and not applicable for testing at Commerce.
The process to identify, review, verify and document subrecipients who meet the federal single audit reporting requirements in comprehensive but relies on information provided from internal programs. ICO staff generate a Contracts Management System (CMS) report, an Agency Financial Reporting System (AFRS) report to identify federally funded subrecipients then confirm then with program staff. The process largely relies on our program partners to confirm their list of subrecipients.
As referenced in the current year LIHEAP finding for subrecipient monitoring subaward language, most of the subrecipients were identified as contractors who are exempt from federal reporting resulting in the ICO receiving an incomplete list of subrecipients to verify. A total of eight LIHEAP recipients were verified as they received funding and were confirmed as subrecipients of other programs. After receiving the updated list of subrecipients in October 2024, ICO staff verified all but three, of those, two did not meet the reporting threshold and one report we are requesting to obtain from the entity. The Department acknowledges internal controls need to be strengthened in the determination of recipient type.
As a result of staffing shortages, the management decision letter tested was not issued within the six month requirement. We have worked on addressing the staffing shortages and will continue to strengthen controls and compliance when deficiencies are identified.
Auditor’s Remarks
The original testing selections sent to the Department did include seven Department subrecipients that did not have findings related to the LIHEAP program, but these were removed from the testing population once this was identified during the normal audit process and they were not included in our reported results.
We appreciate the Department acknowledges that it did not monitor the single audit requirement for all LIHEAP subrecipients during the audit period and that the only subrecipient with a LIHEAP finding did not receive a management decision letter. We also appreciate the Department’s commitment to strengthening its control processes to ensure it has a full population of subrecipients that are required to be monitored for compliance.
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $9,098,747
Prior Year Audit Finding: Yes, Finding 2023-070
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding. Of this amount, the Department paid about $20.2 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG. The prior finding number was 2023-070.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure Report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform month reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $20,211,047 that were transferred to the SSBG program during fiscal year 2024. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which we identified in the following table.
Category Amount
Provider payments for which the Department provided an adequate level of support $11,112,849
Provider payments for which the Department could not provide an adequate level of support $9,098,198
Total payments to providers $20,211,047
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 119 out of a total population of 12,867 payments.
We reviewed the supporting documentation, description of activities and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on payments totaling $9,098,198 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized and within the period of performance.
Period of performance
We analyzed costs recorded to determine if any costs were incurred for the 2024 SSBG grant award prior to the start of the grant period of performance. We found the Department charged $549 to the 2024 SSBG grant for costs prior to the grant award’s performance period began.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide an adequate level of support for 42 % of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $9,098,747 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the State Auditor’s Office (SAO) with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant. As to the SAO’s specific findings:
Period of performance
The charges identified by the SAO of $549 were related to accrued expenditures recorded at year end closing that were not transferred to the proper grant year. No federal funds were drawn on these accruals per Department guidelines and automated internal controls that are built into the Grants Management System that is used for federal draws.
Provider payments for which the Department could not provide an adequate level of support
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the SAO for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
Period of Performance
We performed testing to ensure federal awards were charged only for allowable costs within their performance periods. We found the Department improperly charged $549 to the 2024 SSBG grant for costs incurred before the grant’s start date.
Provider payments for which the Department could not provide an adequate level of support
The level of documentation needed to support grant expenditures is not established by our Office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-073 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-072
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds
2. The amount of SSBG funds spent on providing each service
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies or both
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs
5. The state’s definition of “child,” “adult” and “family”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for the other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program. The prior finding number was 2023-072.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2024. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 45% of payments to providers that were charged to the SSBG program. These transactions represented about 20% of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also reference in audit finding 2024-072.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report and submitted it.
We selected the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure Report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Additionally, while management asserted the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report were reviewed before the report was uploaded into the SSBG portal, there was no evidence that this review occurred.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $9,098,747
Prior Year Audit Finding: Yes, Finding 2023-070
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding. Of this amount, the Department paid about $20.2 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG. The prior finding number was 2023-070.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure Report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform month reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $20,211,047 that were transferred to the SSBG program during fiscal year 2024. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which we identified in the following table.
Category Amount
Provider payments for which the Department provided an adequate level of support $11,112,849
Provider payments for which the Department could not provide an adequate level of support $9,098,198
Total payments to providers $20,211,047
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 119 out of a total population of 12,867 payments.
We reviewed the supporting documentation, description of activities and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on payments totaling $9,098,198 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized and within the period of performance.
Period of performance
We analyzed costs recorded to determine if any costs were incurred for the 2024 SSBG grant award prior to the start of the grant period of performance. We found the Department charged $549 to the 2024 SSBG grant for costs prior to the grant award’s performance period began.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide an adequate level of support for 42 % of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $9,098,747 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the State Auditor’s Office (SAO) with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant. As to the SAO’s specific findings:
Period of performance
The charges identified by the SAO of $549 were related to accrued expenditures recorded at year end closing that were not transferred to the proper grant year. No federal funds were drawn on these accruals per Department guidelines and automated internal controls that are built into the Grants Management System that is used for federal draws.
Provider payments for which the Department could not provide an adequate level of support
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the SAO for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
Period of Performance
We performed testing to ensure federal awards were charged only for allowable costs within their performance periods. We found the Department improperly charged $549 to the 2024 SSBG grant for costs incurred before the grant’s start date.
Provider payments for which the Department could not provide an adequate level of support
The level of documentation needed to support grant expenditures is not established by our Office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-073 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-072
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds
2. The amount of SSBG funds spent on providing each service
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies or both
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs
5. The state’s definition of “child,” “adult” and “family”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for the other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program. The prior finding number was 2023-072.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2024. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 45% of payments to providers that were charged to the SSBG program. These transactions represented about 20% of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also reference in audit finding 2024-072.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report and submitted it.
We selected the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure Report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Additionally, while management asserted the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report were reviewed before the report was uploaded into the SSBG portal, there was no evidence that this review occurred.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-085 The Military Department did not have adequate internal controls to ensure it accurately filed reports required by the Federal Funding Accountability and Transparency Act for the Disaster Grants Public Assistance program.
Assistance Listing Number and Title: 97.036 Disaster Grants – Public Assistance
Federal Grantor Name: Department of Homeland Security
Federal Award/Contract Number: 1671DRWAP0000001;1734DRWAP0000001; 1817DRWAP0000001;1963DRWAP0000001; 4056DRWAP0000001;4083DRWAP0000001; 4168DRWAP0000001;4188DRWAP0000001; 4242DRWAP0000001;4243DRWAP0000001; 4249DRWAP0000001;4253DRWAP0000001; 4309DRWAP0000001;4418DRWAP0000001; 4481DRWAP0000001;4539DRWAP0000001; 4584DRWAP0000001;4593DRWAP0000001; 4635DRWAP0000001;4650DRWAP0000001; 4682DRWAP0000001
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington Military Department, Emergency Management Division, administers the Disaster Grant – Public Assistance (PA) program. The Department subawards federal funds to state agencies, tribes, local governments and certain types of private nonprofit organizations to help fund their response to and recovery from disasters. Following a presidential declaration of a major disaster or an emergency, the Federal Emergency Management Agency (FEMA) provides supplemental federal disaster grants assistance for debris removal, emergency protective measures and the restoration of disaster damaged facilities owned by states, municipalities, tribes and certain types of private nonprofit organizations.
In state fiscal year 2024, the Department spent about $530.9 million in federal program funds, including about $529.8 million it paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending. Department policy requires it to report all subawards in FSRS regardless of if they are more than the $30,000 threshold.
FEMA issues subaward and amendment obligation of project funding notifications as an S1 report. PA program staff use the S1 report to enter obligation details into the Contracts Unit’s FFATA Reporting Spreadsheet that contains the required reporting information for the subawards. Contracts staff then submit the report based on the FFATA Reporting Spreadsheet. There were 447 PA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $922,836,314.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure it accurately filed reports required for the PA program.
We used a statistical sampling method and randomly select and examine 55 out of the total population of 447 subawards and subaward amendments. We found:
• The Department did not report one subaward (2%) totaling $97,515 in FSRS
• The Department overreported one subaward obligation (2%) totaling $1,615,363 by $20,000
• One subaward (2%) totaling $43,497 contained the wrong subaward identification number in FSRS
• The Department did not report five subawards and amendments (9%) totaling $50,662 on time in FSRS.
Additionally, there were 10 subawards (18%), totaling $1,128,644, in which the subaward obligation date did not match the obligation date reported in FSRS.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, management did not ensure program staff entered all subaward information in the FFATA reporting spreadsheet correctly.
Effect of Condition
Failing to submit the required reports on time and accurately diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Follow established procedures to ensure it enters all required information accurately into FSRS
Department’s Response
During SFY 2023-24, FEMA implemented two significant methodology changes:
• FEMA transitioned from using FEMA EMMIE Reports to FEMA Grants Portal Reports for S1 forms. During this transition, the PA Program staff encountered challenges when trying to identify the accurate obligation date for each sub-recipient, which resulted in discrepancies in the data we reported in FFATA.
• U.S. General Services Administration was continuing to transition from using DUNS to UEI numbers. During this transition, the PA Program staff and Contracts Office had to work extensively with sub-recipients to obtain the subrecipients’ UEI numbers so FFATA reports could be submitted. If the sub-recipients had not yet provided their UEI number but was granted a sub-award, the sub-award was submitted on the FFATA report without a UEI number.
During this time period, the PA Program was involved in nine major disaster declarations, creating a much higher workload than normal. PA Program personnel were spread across four locations: the PA Program main office at Camp Murray, a Joint Field Office (JFO) in Lacey, an Area Field Office (AFO) in Spokane, and an Area Field Office (AFO)-Bellingham. Simultaneously, the PA Program experienced a significant staff turnover at the program staff and supervisory levels.
Between the change in data collection/reporting processes, increased workload, decentralization of employees, and employee turnover, data entry errors were more prevalent during this time period.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subaward and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for the subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Military Department, Finance Division Procedure No. FIN-108-13, Federal Funding Accountability and Transparency Act (FFATA) Reporting, states in part:
The WMD Contracts Office is responsible for all FFATA Reporting, which will be conducted no later than the end of each month.
A. FFATA Reporting:
1. Monthly FFATA reports will be generated and filed in the FFATA Subaward Reporting System (FSRS) website by the end of the month following the month in which WMD awards any subcontract greater than $30,000. The reports generated and filed using the “Submitting FFATA Reports” procedures established by the Contracts Office.
2. By the 15th of each month, the Public Assistance program will enter all subawards for the reporting month in the FFATA reporting worksheet located on the Grants page within the Finance Department’s SharePoint site. All PA awards included in the FFATA reporting worksheet are reported by the contracts office, even if it is under the $30,000 threshold.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-004 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N1199; 237WAWA3N1099; 237WAWA3N2020; 237WAWA4N1150; 247WAWA3N1199; 247WAWA3N1099; 247WAWA3N2020; 247WAWA3N1038; 247WAWA4N1150; 247WAWA4N1050
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-003
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. The Office spent about $46.9 million in federal funds, more than $46.3 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program’s Assistance Listing Number and title, obligation amounts, project periods and more. When some of this information is not available, the pass-through entity must provide the best information available to describe the federal award and subaward. In addition, pass-through entities must impose requirements on subrecipients so that they use the program funds in accordance with federal statutes, regulations, and the federal award’s terms and conditions.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program. The prior finding number was 2023-003.
Description of Condition
The Office did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Child and Adult Care Food Program.
We identified 279 nonprofit subrecipients of the program who were paid with federal funds during fiscal year 2024 and were subject to the Uniform Guidance requirements. We examined the various methods that the Office used to communicate the required federal award identification elements to subrecipients. These methods included periodic permanent agreements, an annual application process, and program communications during the current program year. We found that these methods did not properly communicate all federal award elements, terms and conditions, and other federal award requirements to the subrecipient.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
Management responsible for ensuring compliance were not familiar with subrecipient monitoring requirements. As a result, management did not know that the program must identify and communicate the federal award identification elements to subrecipients, and that permanent agreements and annual application renewals do not constitute or substitute for a formal subaward.
During the audit period, the Office developed written procedures to address this issue to ensure it submits all elements as required, but did not implement this process until after the end of the audit period.
Effect of Condition
Without proper identification and communication of the federal award, the Office cannot properly notify subrecipients about the required federal award elements, nor impose requirements so the subrecipients use the federal award in accordance with its terms and conditions, federal statutes, and regulations. Further, the Office cannot impose any additional requirements of the pass-through entity on the subrecipient to meet its own responsibilities to the federal awarding agency, as well as other requirements as specified in the Uniform Guidance.
Recommendations
We recommend the Office:
• Establish policies and procedures to ensure subawards are clearly identified as a subaward and communicate all required information according to the Uniform Guidance
• Establish internal controls to formally communicate federal award information and requirements to subrecipients
• Consult with the grantor for additional guidance on subrecipient monitoring requirements
Office’s Response
OSPI concurs with the finding for federal award elements. This is an agreement based on the cycle year and that this was performed outside the audit timeline.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-005 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the Child and Adult Care Food Program
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N1199; 237WAWA3N1099; 237WAWA3N2020; 237WAWA4N1150; 247WAWA3N1199; 247WAWA3N1099; 247WAWA3N2020; 247WAWA3N1038; 247WAWA4N1150; 247WAWA4N1050
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-002
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. During fiscal year 2024, the Office spent about $46.9 million in federal funds, more than $46.3 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial and performance reports and taking timely and appropriate action on all deficiencies pertaining to the federal award. The federal grantor, the U.S. Department of Agriculture (USDA), requires states to monitor subrecipients at least once every three years.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the CACFP. The prior finding number was 2023-002.
Description of Condition
The Office did not have adequate internal controls over and did not comply with required monitoring of subrecipients of the CACFP.
During the audit period, the Office identified 228 subrecipients for monitoring in accordance with the federal regulations. However, the Office did not comply with the regulations, as it did not monitor 23 subrecipients within the required three-year timeframe.
We examined a sample of 23 subrecipients that were scheduled to receive financial and programmatic monitoring by the Office during the audit period, to ensure they were performed properly. The Office did not monitor three of the subrecipients, which are included in the 23 referenced above. We found the other 20 subrecipients received adequate monitoring.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
A single Program Specialist was responsible for monitoring all 23 subrecipients that fell out of the required three-year monitoring cycle. Due to inadequate management oversight, these subrecipients were not monitored within the required timeframe.
Effect of Condition
Without establishing adequate internal controls, the Office cannot reasonably ensure that it can
meet the minimum monitoring requirements imposed by the federal grantor. In addition, without proper and timely monitoring of financial and programmatic performance, the Office does not have reasonable assurance that each subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Office strengthen internal controls to ensure it monitors all subrecipients according to the grantor’s minimum requirements and other federal regulations.
Office’s Response
Based on the updated exceptions, OSPI accepts the finding for CACFP (ALN 10.558) - Subrecipient Monitoring: Monitoring Activity.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities.
Title 2 CFR Part 200, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 7 CFR Part 226.6, State agency administrative responsibilities state in part:
(m) Program assistance —
(6) Frequency and number of required institution reviews. The State agency must annually review at least 33.3 percent of all institutions. At least 15 percent of the total number of facility reviews required must be unannounced. The State agency must review institutions according to the following schedule:
(i) At least once every 3 years, independent centers and sponsoring organizations that operate 1 to 100 facilities must be reviewed. A sponsoring organization review must include reviews of 10 percent of the sponsoring organization's facilities.
(ii) At least once every 2 years, sponsoring organizations that operate more than 100 facilities, that conduct activities other than CACFP, that have been identified during a recent review as having serious management problems, or that are at risk of having serious management problems must be reviewed. These reviews must include reviews of 5 percent of the sponsoring organization's first 1,000 facilities and 2.5 percent of the sponsoring organization's facilities in excess of 1,000.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-006 The Office of Superintendent of Public Instruction did not have internal controls over and did not comply with requirements to verify single audits were completed for all subrecipients of the Child and Adult Care Food Program.
Assistance Listing Number and Title: 10.558 Child and Adult Care Food Program
Federal Grantor Name: U.S. Department of Agriculture
Federal Award/Contract Number: 237WAWA3N1199; 237WAWA3N1099; 237WAWA3N2020; 237WAWA4N1150; 247WAWA3N1199; 247WAWA3N1099; 247WAWA3N2020; 247WAWA3N1038; 247WAWA4N1150; 247WAWA4N1050
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-004
Background
The Child and Adult Care Food Program (CACFP) reimburses child and adult care institutions and family or group day care homes for providing nutritious meals and snacks that contribute to the wellness, healthy growth, and development of young children, and the health and wellness of older adults and people with disabilities.
In Washington, the Office of Superintendent of Public Instruction administers CACFP. In fiscal year 2024, the Office spent about $46.9 million in federal funds, more than $46.3 million of which it paid to subrecipients.
The Office is responsible for monitoring all institutions participating in CACFP to ensure compliance with meal pattern, recordkeeping and other program requirements. Institutions that provide meals can participate through a sponsoring organization that will be financially and administratively responsible, or they can apply directly to the state agency and operate as an independent center.
Federal regulations require the Office to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Office did not comply with requirements to verify single audits were completed for all subrecipients of the Child and Adult Care Food Program. The prior finding number was 2023-004.
Description of Condition
The Office did not have internal controls over and did not comply with requirements to verify single audits were completed for all CACFP subrecipients.
The Office had processes in place to monitor that subrecipients received single audits. During the audit period, the Office had 464 CACFP subrecipients, and 45 of them were local education agencies (LEAs) or school districts. The Office’s federal compliance staff had a centralized process for LEAs to ensure they received the required audits, and we found these controls were effective.
For the 419 subrecipients that were not LEAs, the Office used information in the Federal Audit Clearinghouse (FAC) to identify subrecipients requiring a single audit. If a subrecipient that required a single audit did not complete or file its audit report timely, then the information in the FAC database would lead the Office to erroneous conclusions. As a result, we determined that the Office did not have adequate controls to identify all subrecipients that required a single audit.
We also determined the Office did not have adequate documentation that this single audit tracking process was completed during the audit period. We identified 75 subrecipients in this documentation that program staff compiled from the FAC database, and we used a statistical sampling method to randomly select and examine 13 of those subrecipients. We also judgmentally selected one subrecipient that had a program-related finding during the audit period, for a total of 13 testing samples. We found that one of these subrecipients required a single audit, but did not complete or did not submit its audit report during the audit period. The Office did not have any record that staff followed up with this subrecipient regarding the missing audit report.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Office developed written procedures to address issues identified in the prior audit to ensure it tracks all subrecipients that require single audits, but did not implement the process until after the audit period had ended.
Effect of Condition
Without establishing adequate internal controls, the Office cannot ensure that all subrecipients requiring a single audit receive one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions.
Recommendations
We recommend the Office:
• Establish effective internal controls to ensure it identifies all subrecipients requiring single audits and follows up on any program-related findings, if applicable
• Follow up with the subrecipient we identified as not having an audit to ensure it obtains its required single audit
Office’s Response
The Office concurs with the finding. The Office continues to implement the corrective action plan from the previous audit finding February 2024. Note the single audit review takes place annually between August and December of each year.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Audit findings, establishes requirements for pass-through entities.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-007 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Benefit Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-009
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amount of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• Seventy percent of the sampled cases within 60 days of the week ending date of the batch; and
• Ninety five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of sampled cases within 120 days of the ending date of the annual report period.
Additionally, states must sample denied claims and review:
• Sixty percent of the sampled cases within 60 days of the week ending date of the batch; and
• Eighty five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2023-009, 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload. Additionally, management did not adequately monitor investigative staff caseloads and case completion rates to ensure the Department would meet the minimum federal requirements for conducting case reviews.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling.
For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of paid claims, completing 441 of the required 480 samples as of the audit period end date
• Completed only 430 (90%) of its 480 sampled cases within 90 days of the ending date of the annual report period, failing to meet the federal requirement of 95%
• Completed only 441 (92%) of its 480 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
For denied claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of denied claims, completing 440 of the required 450 samples as of the audit period end date
• Completed only 145 (96%) of its 151 sampled cases of monetary denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
• Completed only 146 (97%) of its 151 sampled cases of separation denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the recommendation. The Department did meet case sampling requirements for both paid and denied claims, but did not meet the timeliness requirements as stated in the effect of condition.
The Department has implemented increased oversight of case load to ensure timelines for both claim types are met.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year;
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part…
f. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70% of cases must be completed within 60 days of the week ending date of the batch, and 95% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample sizes for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedules or other staffing contingencies. However, states are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
Sample Annual Allocation Normal Weekly Minimum Weekly Normal Quarterly Minimum Quarterly
Paid Claims 360* 7 5 90 81
Paid Claims 480 9 6 120 108
Denials 150/450** 3 2 37-38 32
*Allocation for ten smallest states in terms of UI workload.
**150 cases of each monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60% of cases must be completed within 60 days of the week ending date of the batch, and 85% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases must be completed within 120 days of the ending date of the Calendar Year.
2024-008 The Employment Security Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the Federal Unemployment Tax Act are matched against employer contributions paid under the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions - Match with IRS 940 FUTA Tax Form
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Unemployment Insurance (UI) program was created by the Social Security Act and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
The Federal Unemployment Tax Act (FUTA) provides for cooperation between the federal and state governments in establishment and administration of unemployment insurance. The IRS is responsible for receiving and processing the Form 940, Employer’s Annual Federal Unemployment Tax Return, or Schedule H for annual reporting of employer tax credits. The IRS uses the FUTA Certification Program to verify with states that the credits employers claimed on the Form 940, or Schedule H, were actually paid into the state unemployment fund.
The IRS Guide for Certification of State FUTA Credits (Guide) establishes the instructions for the certification of the states FUTA Tax Credits. Every September, the IRS creates a FUTA Identification Data File containing employer information, including FUTA tax credits reported, and distribute the file to states to verify tax credits reported to the IRS are accurate. The Guide stipulates that each state is responsible for certifying that this report is correct by reviewing the first 50 employers that have total state wages reported at zero (Zero Certification) and the first 50 employers that have total state wages reported at more than zero (Non-Zero Certification). The Department is required to trace the employer’s tax payments in the Next Generation Tax System (NGTS).
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the FUTA are matched against employer contributions paid under the UI program.
The Department did not review the required minimum number of employer accounts before submitting its annual certification to the IRS. Specifically, we found the Department reviewed 98 of the 100 required samples of employers to ensure each employer reported the correct amount of unemployment contributions paid into the State's unemployment fund.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively design its internal controls to ensure accuracy of the certification to the IRS. Additionally, management did not adequately review employer account reconciliations its staff performed to ensure they reviewed the required number of accounts.
Effect of Condition
By not establishing adequate internal controls to ensure it reconciles all employer accounts requiring review before certification to the IRS, the Department cannot comply with federal requirements to verify FUTA tax credits are accurately reported to the IRS.
Recommendation
We recommend the Department improve its internal controls to ensure it reviews all employer accounts in accordance with federal requirements before certifying the report to the IRS.
Department’s Response
The Department thanks SAO for its work in this area and concurs with the finding. The Department is committed to ensuring our programs comply with federal regulations. The Department will recommunicate the requirement of minimal account review prior to filing the report.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
IRS Guide for the Certification of State FUTA Credits (September 2023 edition), Review Procedures, states in part:
After the FUTA Certification Data has been prepared and before transmission, the state should review the quality of the data. This review will minimize the number of re-transmission requests from the HQ staff.
Follow these review procedures:
1. Print two copies of the first 50 Zero Certification records (records where the total state wages are zero) and of the first 50 Non-Zero Certification records (records where the total state wages are other than zero). Use one copy to verify the format and components of the records against the specifications in this Publication.
2. With the second copy, using the EIN, request manual certification of these records from your appropriate state function. Compare the manual certifications with the print of the computer certifications to verify the data is the same. Remember the state reporting number provided is an additional research tool to help find the certification data for the EIN.
2024-009 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-010
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department (Department) administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5% of claimants with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules and agency policies. Department policy requires staff to complete an intensive training course before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential eligibility issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the UI program to identify people likely to need reemployment services and ensure staff providing those services received required training. The prior finding number was 2023-010.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5% of claimants with the highest score. A random score was assigned to the remaining 95% of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 25 out of a total population of 277 employees that administered RESEA services to claimants during fiscal year 2024. We examined records for all RESEA training courses completed by these 25 employees and found one employee (4%) did not complete annual RESEA training during the audit period. This employee administered RESEA appointments to claimants during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
In the prior audit our Office tested the Department’s UTAB risk scoring model and identified system weaknesses and recommended the Department review the design of its UTAB calculation to determine whether it was accurately identifying claimants most likely to exhaust regular UI benefits. However, during this audit period, the Department did not implement any system changes to the scoring model.
Employee Training
The Department asserted that the employee who did not receive annual training had returned from extended leave after their annual training was past due. Management did not ensure the employee completed the annual training before resuming work.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendation
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure the RAS scheduling system received all RESEA eligible claimants
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Ensure staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department thanks the State Auditor’s Office for its work to ensure compliance with federal requirements for the UI Program.
The Department would like to clarify it does use two federally approved methods to profile and prioritize for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements. The first is the profile score calculation, and the second is the federal pilot program which assigns priority differently than the profile score and is helping develop better outcomes.
The Department concurs with the recommendation regarding review and design of the profile score calculation so that ESD can accurately determine the effectiveness of the profile scoring. The Department in response to this finding in the prior audit year implemented a corrective action plan with a timeline of April 2025. This involved Department review of processes to effectively validate profile scores based upon new coefficients. That work began in October 2024 and ESD continues to discuss processes, prioritization, and resources to complete this work.
The Department continues to perform work and allocate resources to address reconciliation between the RAS scheduler and the UTAB system.
The Department monitors local offices for staff who have taken training and provide RESEA services. In the specific case cited in the finding, it was one staff member of 279 who was out for approved extended leave and missed the required training period for the refresher training. The Department additionally completed intensive training during the same period for 75 staff, for a total of 354 during SFY24. The Department has implemented follow up communication with local offices to remind members to attend the required training.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2024-007 The Employment Security Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the Benefit Accuracy Measurement program of the Unemployment Insurance program in a timely manner.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Benefit Payments
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-009
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs.
The Improper Payment Elimination and Recovery Act of 2010 requires state workforce agencies to maintain a quality control system. The Benefits Accuracy Measurement (BAM) program is the U.S. Department of Labor’s quality control system designed to assess the accuracy of unemployment insurance benefit payments and denied claims in separation status. The program estimates error rates and dollar amount of benefits improperly paid or denied by projecting the results from investigations in a state.
The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
Under the BAM program, the Department is required to draw a weekly sample of payments and denied claims. The Department must complete this sampling promptly and conduct an in-depth investigation of the claims to determine the degree of accuracy in administering the state’s Unemployment Compensation program and compliance with federal law (20 CFR 602.21(d)). The Department has established a dedicated BAM unit to meet these requirements.
The Benefit Accuracy Measurement State Operations Handbook, published by the U.S. Department of Labor’s Employment and Training Administration, indicates the time frame and requirements for conducting BAM program case sampling for paid claims. States must complete reviews of:
• Seventy percent of the sampled cases within 60 days of the week ending date of the batch; and
• Ninety five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of sampled cases within 120 days of the ending date of the annual report period.
Additionally, states must sample denied claims and review:
• Sixty percent of the sampled cases within 60 days of the week ending date of the batch; and
• Eighty five percent of the sampled cases within 90 days of the week ending date of the batch; and
• Ninety eight percent of the sampled cases within 120 days of the end of the calendar year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported that the Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner. The prior finding numbers were 2023-009, 2022-006, 2021-005 and 2020-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to conduct case reviews for the BAM program of the UI program in a timely manner.
The Department did not effectively recruit, develop and retain staff to ensure it materially complied with the BAM program’s case review requirements.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not adequately staff its BAM unit with resources sufficient to meet BAM program requirements. Management did not allocate sufficient resources to the BAM unit and did not effectively retain its investigative staff assigned to the BAM unit to support its minimum required caseload. Additionally, management did not adequately monitor investigative staff caseloads and case completion rates to ensure the Department would meet the minimum federal requirements for conducting case reviews.
Effect of Condition
The Department did not comply with the federally required timelines for completing its case sampling.
For paid claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of paid claims, completing 441 of the required 480 samples as of the audit period end date
• Completed only 430 (90%) of its 480 sampled cases within 90 days of the ending date of the annual report period, failing to meet the federal requirement of 95%
• Completed only 441 (92%) of its 480 sampled cases within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
For denied claims, we found the Department:
• Failed to complete the minimum required annual allocation for sampling of denied claims, completing 440 of the required 450 samples as of the audit period end date
• Completed only 145 (96%) of its 151 sampled cases of monetary denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
• Completed only 146 (97%) of its 151 sampled cases of separation denials within 120 days of the ending date of the annual report period, failing to meet the federal requirement of 98%
By not complying with the federally required timelines for completing case sampling, the Department cannot fully evaluate the accuracy of its claim decisions and is less likely to detect fraudulent payments.
Recommendation
We recommend the Department allocate the necessary staffing resources to ensure it complies with the U.S. Department of Labor’s timelines for BAM case sampling.
Department’s Response
The Department concurs with the recommendation. The Department did meet case sampling requirements for both paid and denied claims, but did not meet the timeliness requirements as stated in the effect of condition.
The Department has implemented increased oversight of case load to ensure timelines for both claim types are met.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 CFR Part 602, Quality Control in the Federal-State Unemployment Insurance System, section 21, Standard methods and procedures, establishes the requirements for states to conduct representative case sampling for quality control study of unemployment benefit claims, which state in part:
602.21 Standard methods and procedures.
Each State shall:
a. Perform the requirements of this section in accordance with instructions issued by the Department, pursuant to 602.30(a) of this part, to ensure standardization of methods and procedures in a manner consistent with this part;
b. Select representative samples for QC study of at least a minimum size specified by the Department to ensure statistical validity (for benefit payments, a minimum of 400 cases of week paid per State per year;
c. Complete prompt and in-depth case investigations to determine the degree of accuracy and timeliness in the administration of the State UC law and Federal programs with respect to benefit determinations, benefit payments, and revenue collections; and conduct other measurements and studies necessary or appropriate for carrying out the purposes of this part…
f. Furnish information and reports to the Department, including weekly transmissions of case data entered into the automated QC system and annual reports, without, in any manner, identifying individuals to whom such data pertain;
The U.S. Department of Labor, Employment and Training Administration Benefit Accuracy Measurement State Operations Handbook – ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 13: Completion of Cases and Timely Data Entry, states in part:
The following time limits are established for completion of all cases for the year. (The “year” includes all batches of weeks ending in the calendar year.):
• A minimum of 70% of cases must be completed within 60 days of the week ending date of the batch, and 95% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases for the year must be completed within 120 days of the week ending date of the calendar year.
ET Handbook No. 395, 5th Edition, Chapter VI – Investigative Procedures, Section 12: Sampling Selection, states in part:
The annual sample sizes for UI paid claims and the three types of denials are fixed by DOL for the calendar year. BAM supervisors may change the weekly sample sizes in the input control record to accommodate investigator vacation schedules or other staffing contingencies. However, states are expected to pull at least the minimum number of cases each week. States may not over sample during a portion of the year in order to meet the annual sample allocation and then suspend sampling for the remainder of the calendar year. The minimum weekly and quarterly samples, based on current annual sample allocations are:
Sample Annual Allocation Normal Weekly Minimum Weekly Normal Quarterly Minimum Quarterly
Paid Claims 360* 7 5 90 81
Paid Claims 480 9 6 120 108
Denials 150/450** 3 2 37-38 32
*Allocation for ten smallest states in terms of UI workload.
**150 cases of each monetary, separation, and non-separation denials will be selected each year, for a total of 450 DCA cases.
ET Handbook No. 395, 5th Edition, Chapter VIII – Denied Claims Accuracy (DCA), Section 7: Completion of DCA Cases and Timely Data Entry, states in part:
As in paid claims, prompt completion of investigations is important to ensure the integrity of the information being collected by questioning claimant and employers before the passage of time adversely affects recollections. However, due to the fact that contacting the claimant and obtaining claimant information is more difficult than in paid claims, the timeliness standards differ as the following indicates:
• A minimum of 60% of cases must be completed within 60 days of the week ending date of the batch, and 85% of cases must be completed within 90 days of the week ending date of the batch; and
• A minimum of 98% of cases must be completed within 120 days of the ending date of the Calendar Year.
2024-008 The Employment Security Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the Federal Unemployment Tax Act are matched against employer contributions paid under the Unemployment Insurance program.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions - Match with IRS 940 FUTA Tax Form
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Unemployment Insurance (UI) program was created by the Social Security Act and provides benefits to unemployed workers under the Unemployment Compensation program for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to Washington residents.
The Federal Unemployment Tax Act (FUTA) provides for cooperation between the federal and state governments in establishment and administration of unemployment insurance. The IRS is responsible for receiving and processing the Form 940, Employer’s Annual Federal Unemployment Tax Return, or Schedule H for annual reporting of employer tax credits. The IRS uses the FUTA Certification Program to verify with states that the credits employers claimed on the Form 940, or Schedule H, were actually paid into the state unemployment fund.
The IRS Guide for Certification of State FUTA Credits (Guide) establishes the instructions for the certification of the states FUTA Tax Credits. Every September, the IRS creates a FUTA Identification Data File containing employer information, including FUTA tax credits reported, and distribute the file to states to verify tax credits reported to the IRS are accurate. The Guide stipulates that each state is responsible for certifying that this report is correct by reviewing the first 50 employers that have total state wages reported at zero (Zero Certification) and the first 50 employers that have total state wages reported at more than zero (Non-Zero Certification). The Department is required to trace the employer’s tax payments in the Next Generation Tax System (NGTS).
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with federal requirements to annually certify that employer tax credits reported under the FUTA are matched against employer contributions paid under the UI program.
The Department did not review the required minimum number of employer accounts before submitting its annual certification to the IRS. Specifically, we found the Department reviewed 98 of the 100 required samples of employers to ensure each employer reported the correct amount of unemployment contributions paid into the State's unemployment fund.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively design its internal controls to ensure accuracy of the certification to the IRS. Additionally, management did not adequately review employer account reconciliations its staff performed to ensure they reviewed the required number of accounts.
Effect of Condition
By not establishing adequate internal controls to ensure it reconciles all employer accounts requiring review before certification to the IRS, the Department cannot comply with federal requirements to verify FUTA tax credits are accurately reported to the IRS.
Recommendation
We recommend the Department improve its internal controls to ensure it reviews all employer accounts in accordance with federal requirements before certifying the report to the IRS.
Department’s Response
The Department thanks SAO for its work in this area and concurs with the finding. The Department is committed to ensuring our programs comply with federal regulations. The Department will recommunicate the requirement of minimal account review prior to filing the report.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
IRS Guide for the Certification of State FUTA Credits (September 2023 edition), Review Procedures, states in part:
After the FUTA Certification Data has been prepared and before transmission, the state should review the quality of the data. This review will minimize the number of re-transmission requests from the HQ staff.
Follow these review procedures:
1. Print two copies of the first 50 Zero Certification records (records where the total state wages are zero) and of the first 50 Non-Zero Certification records (records where the total state wages are other than zero). Use one copy to verify the format and components of the records against the specifications in this Publication.
2. With the second copy, using the EIN, request manual certification of these records from your appropriate state function. Compare the manual certifications with the print of the computer certifications to verify the data is the same. Remember the state reporting number provided is an additional research tool to help find the certification data for the EIN.
2024-009 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the Unemployment Insurance program to identify people likely to need reemployment services and ensure staff providing those services received required training.
Assistance Listing Number and Title: 17.225 Unemployment Insurance
17.225 COVID-19 Unemployment Insurance
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: UI-34748-20-55-A-53; UI-37098-21-55-A-53; UI-37256-22-55-A-53; UI-38013-22-60-A-53; UI-39303-23-55-A-53; UI-39355-23-55-A-53; UI-00003-23-60-A-53; UI-00056-23-60-A-53; UI-00101-23-60-A-53; UI-00032-24-55-A-53; UI-00030-24-55-A-53
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – UI Reemployment Programs: Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA)
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-010
Background
The Unemployment Insurance (UI) program was created by the Social Security Act, and it provides benefits under the Unemployment Compensation program to unemployed workers for periods of involuntary unemployment. The program provides a stabilizing effect on the economy by maintaining the spending power of eligible workers while they are between jobs. The Employment Security Department (Department) administers the state’s UI program. During fiscal year 2024, the Department paid more than $1.9 billion in unemployment insurance benefits to people in Washington.
The Worker Profiling and Reemployment Services (WPRS) and Reemployment Services and Eligibility Assessments (RESEA) programs serve as the primary programs that facilitate the reemployment of UI claimants. RESEA is authorized by Section 306 of the Social Security Act, and it uses an evidence-based integrated approach that combines an assessment for continuing UI eligibility and the provision of reemployment services. The Department uses a RESEA program to satisfy the WPRS mandate in accordance with federal requirements, and its program design is documented in the RESEA State Plan approved by the U.S. Department of Labor.
According to the Department’s RESEA State Plan, the agency profiles unemployment claimants using a scoring model that is built into its Unemployment Tax and Benefit (UTAB) system to identify claimants who are likely to exhaust benefits and are in need of job search assistance to obtain new employment. The profiling model must statistically combine information on the person’s work industry, occupation, education level, county of residence, and other personal characteristics, including veteran and union status, and labor market characteristics to generate a numerical score indicating their likelihood of exhausting regular unemployment benefits before finding work. The claimants are to be ranked in a queue based on their individual score from most likely to least likely to exhaust benefits. On a weekly basis, the Department selects people from this queue for available appointments for reemployment evaluations. In July 2019, the Department implemented an online appointment scheduling system called the Reemployment Appointment Scheduler (RAS) to facilitate the appointment scheduling process for the Department’s WorkSource offices.
In June 2021, the Department deployed a pilot program proposed by the U.S. Department of Labor known as a randomized control trial (RCT), to randomly assign profile scores in lieu of using the risk profile model to profile all unemployment claimants. The objectives of the trial were to assess the impact of the RESEA program concerning duration of unemployment claims, earnings and employment probability of claimants following the provision of RESEA services, and to assess whether the program improved the identification of claimant eligibility issues and improper payment detection. Under the RCT, the WPRS score used to rank claimants was replaced with a randomly generated score, after excluding the top 5% of claimants with the highest WPRS scores.
The Department’s UI staff oversee the RESEA program, which includes participating in the planning, administration and oversight of the program, providing appropriate training to staff conducting applicant eligibility reviews, completing individual reemployment plans, and providing information and access to career and reemployment services, including referrals to other services. All staff working within the RESEA program must, at a minimum, be trained in the programmatic requirements, state laws, rules and agency policies. Department policy requires staff to complete an intensive training course before providing reemployment services to claimants, as well as take an annual refresher training once a year. Training includes information regarding job search requirements, reporting requirements and UI eligibility assessments. In addition, all staff working with RESEA participants must be trained to detect and report potential eligibility issues to the UI claims center.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it profiled all claimants under the UI program to identify people likely to need reemployment services and ensure staff providing those services received required training. The prior finding number was 2023-010.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the Department profiled all claimants under the UI program, to identify those likely to need reemployment services and ensure staff providing reemployment services received required training.
Identification for People Eligible for Reemployment Services
The Department did not adequately monitor its UTAB scoring model to ensure applicant risk profile scores were accurate to identify those claimants most likely to exhaust their unemployment benefits.
The Department is required to use a scoring model to profile all claimants to identify those likely to need reemployment services. During the audit period, the score calculated by the model was only applied for 5% of claimants with the highest score. A random score was assigned to the remaining 95% of claimants. The random score assignment did not provide adequate assurance that those people most likely to exhaust benefits were prioritized to receive reemployment services.
To determine a claimant’s profile score, the scoring model assigns 10 different coefficient rates associated with attributes that were determined by the Department to signify how likely a claimant will be to exhaust their unemployment benefits. The Department could not explain the methodology for determining an applicant’s profile score based on these 10 attributes, or how to independently recalculate the score.
The Department has not tested the calculation of the profile score to ensure it is functioning as intended and producing accurate results. In addition, management could not provide historical records to demonstrate the calculation had ever been tested since its first implementation. Therefore, the Department has no assurance that the calculation provides an accurate measurement of the risk a claimant will exhaust their benefits.
In addition, management did not monitor to determine whether the RAS system had received all eligible claimants. There is a daily process to send eligible claimants to the RAS selection queue, but there were no internal controls in place to ensure that all files sent to RAS were received and processed. In addition, RAS does not have a working test environment to test whether the system effectively schedules claimants based on defined rules and requirements.
Employee Training
The Department uses a tracking report to monitor the status of completed training for each RESEA employee. However, the Department did not adequately monitor to ensure staff who administered RESEA services to clients took required training.
We used a statistical sampling method to randomly select and examine 25 out of a total population of 277 employees that administered RESEA services to claimants during fiscal year 2024. We examined records for all RESEA training courses completed by these 25 employees and found one employee (4%) did not complete annual RESEA training during the audit period. This employee administered RESEA appointments to claimants during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Identification for People Eligible for Reemployment Services
During the implementation of the RCT, the Department did not monitor the profiling and prioritization of claimants for RESEA participation to determine whether claimants prioritized for receiving RESEA services were the most likely to exhaust their unemployment benefits.
In the prior audit our Office tested the Department’s UTAB risk scoring model and identified system weaknesses and recommended the Department review the design of its UTAB calculation to determine whether it was accurately identifying claimants most likely to exhaust regular UI benefits. However, during this audit period, the Department did not implement any system changes to the scoring model.
Employee Training
The Department asserted that the employee who did not receive annual training had returned from extended leave after their annual training was past due. Management did not ensure the employee completed the annual training before resuming work.
Effect of Condition
Identification for People Eligible for Reemployment Services
Without monitoring its automated scoring model for effectiveness, the Department cannot ensure that its systems select RESEA participants based on a valid risk profile and priority of need for reemployment services. By disabling the automated scoring model, the Department is not in compliance with provisions in the RESEA State Plan, and it cannot ensure that claimants selected for RESEA appointment services should have received consideration over higher-risk claimants who may be excluded in the RCT.
Employee Training
By not maintaining adequate training records for its employees, the Department cannot demonstrate that all RESEA staff have been properly trained on unemployment eligibility requirements in order to administer reemployment services to clients, as required in the RESEA State Plan.
Recommendation
We recommend the Department:
• Review the design of its UTAB calculation to determine an applicant’s risk profile score and test the calculation of the score to determine whether the system is accurately identifying claimants most likely to exhaust benefits. This understanding and testing should ensure that coefficient values are correctly determined and assigned by the UTAB system.
• Reconcile the interface between the UTAB system and the scheduling system to ensure the RAS scheduling system received all RESEA eligible claimants
• Consider implementing additional internal controls to ensure claimants are profiled and prioritized for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements
• Establish adequate internal controls to ensure all employees receive required RESEA training before providing reemployment screening services to claimants
• Ensure staff administering RESEA services on behalf of the Department have completed required training before providing services to claimants
Department’s Response
The Department thanks the State Auditor’s Office for its work to ensure compliance with federal requirements for the UI Program.
The Department would like to clarify it does use two federally approved methods to profile and prioritize for reemployment services based on their risk of exhausting unemployment benefits, in accordance with federal requirements. The first is the profile score calculation, and the second is the federal pilot program which assigns priority differently than the profile score and is helping develop better outcomes.
The Department concurs with the recommendation regarding review and design of the profile score calculation so that ESD can accurately determine the effectiveness of the profile scoring. The Department in response to this finding in the prior audit year implemented a corrective action plan with a timeline of April 2025. This involved Department review of processes to effectively validate profile scores based upon new coefficients. That work began in October 2024 and ESD continues to discuss processes, prioritization, and resources to complete this work.
The Department continues to perform work and allocate resources to address reconciliation between the RAS scheduler and the UTAB system.
The Department monitors local offices for staff who have taken training and provide RESEA services. In the specific case cited in the finding, it was one staff member of 279 who was out for approved extended leave and missed the required training period for the refresher training. The Department additionally completed intensive training during the same period for 75 staff, for a total of 354 during SFY24. The Department has implemented follow up communication with local offices to remind members to attend the required training.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 United States Code, Chapter 7 – Social Security, Subchapter III – Grants to States for Unemployment Compensation Administration, § 503 – State laws, states in part:
(j) Worker profiling
(1) The State agency charged with the administration of the State law shall establish and utilize a system of profiling all new claimants for regular compensation that –
(A) Identifies which claimants will be likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment;
(B) Refers claimants identified pursuant to subparagraph (A) to reemployment services, such as job search assistance services; available under any State or Federal law;
Revised Code of Washington (RCW), Title 50, Unemployment Compensation, Section 50.20.011, Profiling system to identify individuals likely to exhaust benefits – Confidentiality of information – Penalty, states in part:
1. The commissioner shall establish and use a profiling system for new claimants for regular compensation under this title that identifies permanently separated workers who are likely to exhaust regular compensation and will need job search assistance services to make a successful transition to new employment. The profiling system shall use a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion. Individuals identified as likely to exhaust benefits shall be referred to reemployment services, such as job search assistance services, to the extent such services are available at public expense.
2. The profiling system shall include collection and review of follow-up information relating to the services received by individuals under this section and the employment outcomes for the individuals following receipt of the services. The information shall be used in making profiling identifications.
Washington State Employment Security Department, Wagner-Peyser Employment Service Policy 4050, Reemployment Services and Eligibility Assessments (RESEA) program, states in part:
3. Policy:
A. Staff Training requirements for RESEA Services
Staff working in the RESEA program must, at a minimum, be trained in the program’s requirements, including state laws, rules, and agency policies related to job search, reporting requirements and UI eligibility assessments, prior to providing direct services to claimants and then receive annual refresher training thereafter. All staff working with RESEA participants must be trained to detect and report potential issues to the unemployment insurance claims centers.
B. Claimant selection for RESEA services
RCW 50.20.11 states, in part, that a profiling system must be established to identify new permanently separated claimants most likely to exhaust regular UI benefits and that are in need of job search assistance services to make successful transitions to new employment. This system uses a combination of individual characteristics and labor market information to assign each individual a unique probability of benefit exhaustion known as the profile score. Claimants with a work search requirement will be given a profile score. Those still attached to an employer will not receive a profile score.
Based on ranked scoring, claimants are selected and added to an electronic list as eligible to receive RESEA services. Claimants identified as most likely to exhaust, or as UCX receive top priority.
Selection occurs between the second and fifth week of a valid claim. Claimants waiting on decisions or for their claims to become valid are not selected until they have valid claims and are eligible for benefits.
2024-011 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notification.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement
Pass-through Entity Name: None
Pass-through Award/Contract Number:
Applicable Compliance Component: None
Suspension and Debarment
Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for highway construction projects that it will pay in whole or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding the contract or making purchases, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower-tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. In addition, all prime construction contracts more than $2,000 awarded by nonfederal entities must include a provision for compliance with the Davis-Bacon Act for payment of prevailing wages to laborers.
Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid. FHWA Form FHWA-1273 includes the required Davis-Bacon and related act provisions as well as a suspension and debarment certification.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. In fiscal year 2024, the Department awarded about $890 million to contractors participating in construction projects under the federal Highway Planning and Construction program.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notifications.
We examined 12 out of 37 contracts totaling about $735 million awarded by the Department. We found one contract for about $479 million (65%) in which the Department did not include the required Form FHWA-1273 in the contract provisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
During the contract execution phase, management did not adequately review contract documents to ensure they included the Form FHWA-1273 before requesting the contractor’s signature. Management did not immediately recognize that the contract did not include the required certification on federal suspension and debarment, or the requirement to pay prevailing wages to laborers.
The Department discovered the missing form after the contract was awarded and signed into effect, but did not approve a change order to amend the contract with the contractor until after the audit period.
Effect of Condition
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. Any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Additionally, by not including language in the contract terms and conditions requiring the contractor to pay all laborers and lower-tier contractors and subcontractors prevailing wages, the Department is at an increased risk of obligating federal funding to contractors to perform work that does not meet federal prevailing wage laws.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with state laws and regulations, FHWA regulations, and its own policies and procedures
• Improve its internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its policies and procedures for awarding contracts
Department’s Response
We appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations related to procurement, suspension, and debarment. We also appreciate the importance of including all required contract provisions in our federal-aid construction contracts. We acknowledge the Department did not include a required federal form (form FHWA-1273) as part of one contract. We would also like to state that the Department has policies & procedures, approved by FHWA, in place to ensure all contracts awarded have all the necessary elements to meet both state and federal requirements. In thoroughly investigating the details around this occurrence, there are several components we believe are worth noting:
• There is clear guidance provided to teams to ensure that Form 1273 is included in all contracts.
• It was simply a mistake that Form 1273 was left out of this set of contract documents. In this case, the contract documents were some 1,200 pages and the inclusion of this form in an appendix was simply overlooked by the project team.
• As a result of various checks and balances already in place, the Department discovered that Form 1273 was missing. This was ahead of the audit and also before any work started on the contract. Upon that discovery, we added Form 1273 by executing Change Order number 1 to the construction contract in question July 18, 2024. There were no negative repercussions or issues created.
• As an additional protection, all contracts include language that requires the contractor to meet the various requirements associated with Form 1273, whether Form 1273 was included in the contract or not.
We’ve had follow-up conversations with appropriate staff on lessons learned from this occurrence and believe the issue has been addressed moving forward.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 U.S. Code of Federal Regulations (CFR) Part 180, OMB Guidelines on Agencies on Government Wide Department and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
Title 29 U.S Code of Federal Regulations (CFR) Part 5, Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction (also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standards Act), Section 5, Contract provisions and related matters, describes the requirements for payment of prevailing wages to laborers and contractors.
2024-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-012
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $818 million on highway projects during fiscal year 2024. Of that amount, it awarded about $425 million to local agencies through subawards for 355 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2024, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. The prior finding number was 2023-012.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 28 of the 355 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for six of the 28 projects (21 %). Three risk assessments were signed and dated by Department staff after the audit period had ended. The other three projects did not have a risk assessment performed.
We consider this internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure the Local Programs Engineers performed risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendation
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements.
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project.
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-013
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project. The Department is required to authorize the prime contractor’s use of subcontractors on a project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week in which contract work is performed, Project Engineers, Project Managers, or Chief Inspectors overseeing construction review inspector’s reports to document which contractors are required to submit certified payrolls for the given week.
The Department publishes the Standard Specifications for Road, Bridge and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industry’s Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal and state projects. The Construction Manual further requires that Project Engineers verify that contractor certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the Standard Specifications permit the Department to withhold payment from contractors and enact other sanctions as necessary.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program. The prior finding number was 2023-013.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method to randomly select 85 out of a total 1,605 weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, or within one week of the preceding payroll period end date, as required by federal law and Department policies. We identified the 85 weeks required a total of 576 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 79 of the 85 weeks we examined (93 %). We performed testing to determine whether the Department collected all certified payrolls due from contractors working on the project within seven days (or one week) of the payroll week ending date.
We identified 29 payrolls that were not collected by the Department before the end of the audit period. Of the 547 payrolls submitted to the Department, 305 (56 %) were not submitted within seven days of the payroll week ending date, as required by federal law and the Construction Manual. On average, these payrolls were 21 days late and we found:
• 145 payrolls were between one and seven days late;
• 65 payrolls were between eight and 14 days late;
• 47 payrolls were between 15 and 30 days late; and
• 48 payrolls were more than 30 days late, with the oldest being 279 days late
Review of certified payrolls
We performed additional testing to determine whether the Department submitted a request to the contractor to supply overdue payrolls in the PWIA system, as required by the Construction Manual. We found 204 overdue payrolls (67 %) had no requests submitted to the prime contractor or subcontractor (if applicable). Additionally, 95 of these payrolls were submitted more than one week late, with the oldest being 279 days late.
We inquired with the Department as to whether any sanctions were imposed upon contractors with late or missing certified payroll submissions. We determined two payments related to one contract from our sample had payment partially withheld due to delinquent payrolls. However, we received no additional records to demonstrate sanctions imposed on contractors for the weeks reviewed as part of the audit.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not adequately monitor Project Offices and the PWIA system to ensure compliance with federal requirements and the Construction Manual. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers to follow to track certified payrolls due from contractors, they do not include clear guidance on when and how Project Engineers follow up on late submissions and issue sanctions. Additionally, Project Engineers did not consistently follow these policies when monitoring contractors for compliance and documenting certified payrolls due on construction projects.
Effect of Condition
Without collecting all certified payrolls timely, the Department cannot ensure that laborers working on federally funded construction contracts are being paid the applicable prevailing wages, as required by law, which could make the Department and the contractor vulnerable to sanctions by the U.S. Department of Labor.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Improve internal controls to ensure Project Engineers monitor the status of certified payrolls due from contractors on a weekly basis in accordance with its Construction Manual, ensure contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments to the contractor, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Monitor projects offices to ensure contractors are notified in PWIA when they have not provided certified payrolls for a given week of contract work, in accordance with the Construction Manual, and request all overdue or missing payrolls immediately
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
• Consider modifying the Construction Manual to define the circumstances in which sanctions must be imposed upon contractors with incomplete, overdue or missing certified payrolls
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within an arbitrary 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract. We also point out that SAO only reviewed the Department’s actions taken, such as sanctions, only as they applied to the original weeks tested, not for other weeks within the contract. Sanctions are taken when contractors meet certain criteria such as being habitually late. As a result, SAO did not review or consider all evidence we provided of sanctions taken on late payrolls during the contract period, when it was not within the weeks originally tested. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding. Changes to the Construction Manual just approved by FHWA in January 2025, will help to clarify timeliness in submission of certified payrolls and Department follow up actions, and should help clarify the rules we’re evaluated against regarding certified payrolls
In FHWA’s management decision letter of November 14, 2024, in response to a similar finding for FY 2023, the grantor states “FHWA believes that WSDOT’s procedures, in their entirety, contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. Ensuring all certified payrolls are collected, and considering sanctions or other appropriate actions for missing payrolls using the methods outlined in WSDOT’s procedures provide sufficient internal control and reasonable compliance, notwithstanding the collection of the payrolls within a seven-day period. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 85 weeks and the required 547 certified payrolls for contract work performed on federally funded construction projects during that period. WSDOT collected all the required 547 certified payrolls. SAO identified 29 payrolls that were “not collected by the Department before the end of the audit period”, however these payrolls were collected. Because these 29 payrolls were collected during a week that SAO had not tested, the auditor did not report the payrolls as collected. Of the 547 payrolls only 48 were 30-days or more late and only 25 (4.5%) were 60-days or more late. This result is below the exception threshold typically allowed by the State Auditor of 5%. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 25 payrolls that were at least 60-days late, WSDOT had imposed sanctions against a contractor, including withholding payment. WSDOT had also performed actions, such as notifying the contractors via email or during weekly meetings with the contractors. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments.
As indicated last year, WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs.
Auditor’s Remarks
In determining our audit opinion on the Department’s compliance, we did not give consideration to payrolls collected after the one-week due date that were also collected after the audit period ended. Regarding the 29 missing certified payrolls, based on Department records and PWIA, as of our audit, 10 of these payrolls had not yet been collected by the Department. The 19 payrolls that were eventually collected were received by the Department from July 2, 2024 to January 9, 2025, which is between 10 and 426 days beyond the one-week due date, and between two and 193 days after the audit period end date.
Our testing of contractor certified payrolls was designed to address the U.S. Department of Labor (USDOL) regulations outlined in the Davis-Bacon Act and related requirements concerning federally-funded construction projects (Title 29 CFR, Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5). These requirements, in addition to the suggested audit procedures in Part 4 of the Uniform Guidance Compliance Supplement, were applied to our audit testing. Federal law requires for contractors and subcontractors participating in federal-aid construction projects to submit weekly and for each week certified payrolls to the Department. In addition, the Department’s Construction Manual requires contractors to submit certified payrolls on federal-aid projects weekly regardless of whether or not work was performed. Using these criteria expanded upon in the Applicable Laws and Regulations below, we do not believe our interpretation that payrolls should be collected in the week following the preceding payroll week’s ending date is arbitrary.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
We reviewed all documentation provided by the Department addressing late or missing contractor certified payrolls. The Department’s records show only two contract payments (only one of which corresponded to a week we examined as part of this audit) had partial payment withheld from the prime contractor. In addition, the Department only followed up on one-third of its overdue payrolls examined as part of this audit by submitting requests to the contractor to furnish the required payrolls as outlined in the Construction Manual. We believe these observations support our opinion that the Department’s internal controls were not sufficient to detect and correct material noncompliance with respect to the federal requirements. The Department also acknowledges in its response that approximately nine percent of its certified payrolls collected from contractors were more than 30 days late which we believe is significant, as the Department reviews pay estimates from prime contractors on a monthly basis, and this indicates that the Department is not following up on overdue contractor certified payrolls weekly as the Construction Manual requires.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as federal law requires.
We appreciate the Department’s willingness to re-define its contractor monitoring requirements in its Construction Manual with the federal grantor, and we expect that these revisions more narrowly define the expectations for what specific follow-up actions the Department must take against the contractor and define the timelines for performing necessary follow-up actions.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a. Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b. Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c. Reviewing certified payrolls in a timely manner;
d. Conducting employee interviews
e. Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f. Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g. Submitting enforcement reports and semi-annual enforcement reports to the USDOl Wage and Hour Division
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Affidavit of Wages Paid
Prior to Contract Completion, the Contractor, all Subcontractors, agents and lower-tier subcontractors must submit an Affidavit of Wages Paid to the Project Engineer using PWIA. The form may be submitted earlier by a Subcontractor or lower-tier subcontractor if that firm’s work is completed prior to Completion of the Contract. All Affidavits must be approved by LNI prior to Contract Completion.
Certified Payroll
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been Submitted. Once the Affidavit is visible in PWIA, the Affidavit has been approved by LNI. The last working day is included on the Affidavit, and the Project Office should compare this date to the last certified payroll submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each Project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an
appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-09, Measurement and Payment, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2024-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-014
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction program. The prior finding numbers were 2023-014, 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
We used a statistical sampling method and randomly selected and examined 58 out of a total population of 1,687 materials that were used on federally funded projects during state fiscal year 2024. For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• One material where the Department did not obtain the manufacturer’s certificate of compliance
• One material where the project engineer did not perform testing in accordance with the Department’s Standard Specifications
Testing personnel were not properly certified
We obtained data from the Department to identify materials tested for acceptance during the audit period. Using this data, we identified 1,080 unique tester and acceptance test types corresponding to the materials tested. We used a statistical sampling method and randomly selected and examined 57 out of the 1,080 to verify whether the testers performing materials testing for the Department had all required documents to support the tester’s certification. We found:
• One instance where the tester was missing a required exam for certification
• Three instances where the Department was unable to provide documentation to support that the tester met certification requirements
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure all required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper material testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams and that they have proper documentation of passing these exams before performing sampling activities
• Continue to review all testers to ensure they meet the minimum requirements for certification before performing materials testing on projects receiving federal aid
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department continues towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in previous Single Audits. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. In addition, WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from a prior audit, however this change was not formally adopted into policy until the Construction Manual was approved in April 2024. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY24 utilizing federal funding contained more than 4,600 materials and SAO identified 1,687 that required testing. SAO examined documentation for 58 materials that required testing. Through our review of SAO’s exceptions the Department found only 2 materials (3.4%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
FY24 had over 7,000 materials tested. The State Auditor selected and reviewed documentation for 57 tests and whether the testers performing materials testing activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department had 3 testers perform material acceptance tests before they passed their certification testing and could not locate the required exam for 1 tester.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues will be discussed at the 2025 Material Assurance Training offered 3/19/2025, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a. Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b. STD capabilities. The STD shall maintain an adequate, qualified staff to administer its quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet the requirements in (Section 637.209(a)(2))
c. Independent assurance program. Independent assurance samples and tests or other procedures shall be performed by qualified sampling and testing personnel employed by the STD or its designated agent.
d. Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
e. Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. The sampling and testing has been performed by qualified laboratories and qualified sampling and testing personnel.
B. The quality of the material has been validated by the verification sampling and testing. The verification testing shall be performed on samples that are taken independently of the quality control samples.
C. The quality control sampling and testing is evaluated by an IA program.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Project office is required to maintain documentation in the project records on quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrication Inspection items, or where quantities are needed for Acceptance Criteria such as Manufacturer Certificate of Compliance. Any changes to the acceptance requirements, additional permanently incorporated materials used, or any additional materials added to the project by change order or force account need to be documented and tracked in the project records.
9-5.3 WSDOT Testing Technician Qualification Program (WTTQP)
All testing Technicians that conduct QA/QV testing shall be certified through the WTTQP. For registration information contact the Region Independent Assurance Inspector.
The purpose of this program is to provide uniform statewide testing by ensuring testing technicians meet the WTTQP module certification and method qualification process below. This program is based on AASHTO R 25.The State Quality Systems Manager performs oversite of WSDOT’s Testing Technician Qualification Program (WTTQP). The Quality Systems Section at the State Materials Laboratory is responsible for maintaining the Tester Qualification database information for all WTTQP Testing Technicians. A Testing Technician will not be certified or qualified until listed as “Available” by the Quality Systems Manager.
The Region Independent Assurance Inspectors are responsible for entering their region data into the Tester Qualification database and submitting the WTTQP internal certification or qualification records to the Quality Systems Section.
2024-011 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notification.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
20.205 COVID-19 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement
Pass-through Entity Name: None
Pass-through Award/Contract Number:
Applicable Compliance Component: None
Suspension and Debarment
Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for highway construction projects that it will pay in whole or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding the contract or making purchases, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower-tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. In addition, all prime construction contracts more than $2,000 awarded by nonfederal entities must include a provision for compliance with the Davis-Bacon Act for payment of prevailing wages to laborers.
Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid. FHWA Form FHWA-1273 includes the required Davis-Bacon and related act provisions as well as a suspension and debarment certification.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. In fiscal year 2024, the Department awarded about $890 million to contractors participating in construction projects under the federal Highway Planning and Construction program.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements for suspension and debarment and wage rate notifications.
We examined 12 out of 37 contracts totaling about $735 million awarded by the Department. We found one contract for about $479 million (65%) in which the Department did not include the required Form FHWA-1273 in the contract provisions.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
During the contract execution phase, management did not adequately review contract documents to ensure they included the Form FHWA-1273 before requesting the contractor’s signature. Management did not immediately recognize that the contract did not include the required certification on federal suspension and debarment, or the requirement to pay prevailing wages to laborers.
The Department discovered the missing form after the contract was awarded and signed into effect, but did not approve a change order to amend the contract with the contractor until after the audit period.
Effect of Condition
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. Any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Additionally, by not including language in the contract terms and conditions requiring the contractor to pay all laborers and lower-tier contractors and subcontractors prevailing wages, the Department is at an increased risk of obligating federal funding to contractors to perform work that does not meet federal prevailing wage laws.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with state laws and regulations, FHWA regulations, and its own policies and procedures
• Improve its internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its policies and procedures for awarding contracts
Department’s Response
We appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations related to procurement, suspension, and debarment. We also appreciate the importance of including all required contract provisions in our federal-aid construction contracts. We acknowledge the Department did not include a required federal form (form FHWA-1273) as part of one contract. We would also like to state that the Department has policies & procedures, approved by FHWA, in place to ensure all contracts awarded have all the necessary elements to meet both state and federal requirements. In thoroughly investigating the details around this occurrence, there are several components we believe are worth noting:
• There is clear guidance provided to teams to ensure that Form 1273 is included in all contracts.
• It was simply a mistake that Form 1273 was left out of this set of contract documents. In this case, the contract documents were some 1,200 pages and the inclusion of this form in an appendix was simply overlooked by the project team.
• As a result of various checks and balances already in place, the Department discovered that Form 1273 was missing. This was ahead of the audit and also before any work started on the contract. Upon that discovery, we added Form 1273 by executing Change Order number 1 to the construction contract in question July 18, 2024. There were no negative repercussions or issues created.
• As an additional protection, all contracts include language that requires the contractor to meet the various requirements associated with Form 1273, whether Form 1273 was included in the contract or not.
We’ve had follow-up conversations with appropriate staff on lessons learned from this occurrence and believe the issue has been addressed moving forward.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 U.S. Code of Federal Regulations (CFR) Part 180, OMB Guidelines on Agencies on Government Wide Department and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
Title 29 U.S Code of Federal Regulations (CFR) Part 5, Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction (also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standards Act), Section 5, Contract provisions and related matters, describes the requirements for payment of prevailing wages to laborers and contractors.
2024-012 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-012
Background
The Washington State Department of Transportation’s Local Programs Office administers Highway Planning and Construction Program funding to local agencies throughout the state for highway construction projects. The Department spent about $818 million on highway projects during fiscal year 2024. Of that amount, it awarded about $425 million to local agencies through subawards for 355 new and existing projects across the state.
Pass-through entities are required to monitor the activities of their subrecipients to ensure they are properly using federal funds. To determine the appropriate level of monitoring, federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes and regulations and the terms and conditions of the subaward.
For the subawards made during fiscal year 2024, Department management delegated the responsibility to complete risk assessments for individual projects to the Local Programs Engineers who were assigned to the regional office that oversees the project. When the Department prepares to monitor or review a subrecipient, it selects an open and active project and evaluates the subrecipient based on its performance under that project.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program. The prior finding number was 2023-012.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Highway Planning and Construction program.
We randomly selected and examined 28 of the 355 projects awarded funding during the audit period to determine if the Department performed a risk assessment of each project to determine the appropriate level of monitoring required for the subrecipient. We found the Department did not complete risk assessments for six of the 28 projects (21 %). Three risk assessments were signed and dated by Department staff after the audit period had ended. The other three projects did not have a risk assessment performed.
We consider this internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not ensure the Local Programs Engineers performed risk assessments for each subrecipient project awarded program funds.
Effect of Condition
Not performing risk assessments makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the grant’s terms and conditions. Without verifying the Local Programs Engineers completed risk assessments for each awarded project, the Department cannot ensure it is performing risk assessments consistently and using the proper criteria to determine the appropriate amount of monitoring required for each subrecipient project.
Recommendation
We recommend the Department:
• Ensure it properly performs and documents the required risk assessments, which would allow management to evaluate the results and demonstrate compliance with federal requirements.
• Improve its monitoring of regional Local Programs Engineers to ensure they complete risk assessments for each program-funded project.
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Highway Planning and Construction program. WSDOT is committed to ensuring our programs comply with federal regulations.
Risks assessments for subrecipients in this FHWA grant program are the responsibility of WSDOT’s Regional Local Programs Engineers, located in the six WSDOT Regions. While every attempt is made to complete a risk assessment at each phase of a project, staff turnover contributed to the lack of consistency and timeliness in completing these assessments. To help ensure consistency, the Department has updated position descriptions for Local Programs Engineers to reflect this requirement.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, section 332, Requirements for pass-through entities, establishes requirements for pass-through entities to evaluate each subrecipients’ risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate level of subrecipient monitoring.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-013 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Wage Rate Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-013
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
All laborers and mechanics employed by contractors or subcontractors to work on construction contracts exceeding $2,000 financed by federal assistance funds must be paid wages that are no less than those established for the locality of the project (prevailing wage rates) by the Department of Labor. All contractors and subcontractors are required to submit a copy of their payroll and a statement of compliance (certified payrolls) on a weekly basis, for each week in which any applicable contract work is performed. The Department’s construction projects typically involve both a prime contractor and subcontractors to complete work on the project. The Department is required to authorize the prime contractor’s use of subcontractors on a project.
The Department requires field inspectors to be onsite during construction work to ensure projects are completed in accordance with contract specifications. For every day of the week in which contract work is performed, Project Engineers, Project Managers, or Chief Inspectors overseeing construction review inspector’s reports to document which contractors are required to submit certified payrolls for the given week.
The Department publishes the Standard Specifications for Road, Bridge and Municipal Construction (Standard Specifications), in addition to the Construction Manual (M.41-01.41), which applies to its construction contracts, and is approved by the U.S. Federal Highway Administration of the Department of Transportation. These specifications require contractors to submit certified payrolls to the Department on a weekly basis for each weekly payroll period. The Standard Specifications further stipulate that contractors must use the Washington State Department of Labor and Industry’s Prevailing Wage Intents and Affidavit System (PWIA) to submit weekly certified payrolls on federal and state projects. The Construction Manual further requires that Project Engineers verify that contractor certified payrolls are submitted on a weekly basis in PWIA. If the contractor’s certifications are not submitted in a timely manner, the Standard Specifications permit the Department to withhold payment from contractors and enact other sanctions as necessary.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the Highway Planning and Construction program. The prior finding number was 2023-013.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to collect certified payrolls from contractors on projects funded by the program.
We found that the Department’s internal controls were not adequate to ensure all contractors and subcontractors submitted certified payrolls on a weekly basis, as required by federal law and the Standard Specifications.
We used a statistical sampling method to randomly select 85 out of a total 1,605 weeks in which contract work was performed on federally funded construction projects, to determine whether the Department received certified payrolls from the prime contractor and all subcontractors performing work on the project on a weekly basis, or within one week of the preceding payroll period end date, as required by federal law and Department policies. We identified the 85 weeks required a total of 576 certified payrolls to be submitted to the Department.
Collecting certified payrolls
The Department did not collect all certified payrolls from the prime contractor and subcontractors on a weekly basis for 79 of the 85 weeks we examined (93 %). We performed testing to determine whether the Department collected all certified payrolls due from contractors working on the project within seven days (or one week) of the payroll week ending date.
We identified 29 payrolls that were not collected by the Department before the end of the audit period. Of the 547 payrolls submitted to the Department, 305 (56 %) were not submitted within seven days of the payroll week ending date, as required by federal law and the Construction Manual. On average, these payrolls were 21 days late and we found:
• 145 payrolls were between one and seven days late;
• 65 payrolls were between eight and 14 days late;
• 47 payrolls were between 15 and 30 days late; and
• 48 payrolls were more than 30 days late, with the oldest being 279 days late
Review of certified payrolls
We performed additional testing to determine whether the Department submitted a request to the contractor to supply overdue payrolls in the PWIA system, as required by the Construction Manual. We found 204 overdue payrolls (67 %) had no requests submitted to the prime contractor or subcontractor (if applicable). Additionally, 95 of these payrolls were submitted more than one week late, with the oldest being 279 days late.
We inquired with the Department as to whether any sanctions were imposed upon contractors with late or missing certified payroll submissions. We determined two payments related to one contract from our sample had payment partially withheld due to delinquent payrolls. However, we received no additional records to demonstrate sanctions imposed on contractors for the weeks reviewed as part of the audit.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Management did not adequately monitor Project Offices and the PWIA system to ensure compliance with federal requirements and the Construction Manual. While the Department’s Construction Manual and Standard Specifications have documented policies and procedures in place for Project Engineers to follow to track certified payrolls due from contractors, they do not include clear guidance on when and how Project Engineers follow up on late submissions and issue sanctions. Additionally, Project Engineers did not consistently follow these policies when monitoring contractors for compliance and documenting certified payrolls due on construction projects.
Effect of Condition
Without collecting all certified payrolls timely, the Department cannot ensure that laborers working on federally funded construction contracts are being paid the applicable prevailing wages, as required by law, which could make the Department and the contractor vulnerable to sanctions by the U.S. Department of Labor.
In addition, by not collecting certified payrolls on a weekly basis, the Department is not in compliance with federal requirements and may be subject to actions by the federal grantor.
Recommendations
We recommend the Department:
• Improve internal controls to ensure Project Engineers monitor the status of certified payrolls due from contractors on a weekly basis in accordance with its Construction Manual, ensure contractors are made aware of delinquent payrolls, and consideration is given to assessing sanctions on noncompliant contractors in accordance with its Standard Specifications, such as withholding any or all payments to the contractor, as necessary, when contractors do not submit required certified payrolls on a weekly basis
• Monitor projects offices to ensure contractors are notified in PWIA when they have not provided certified payrolls for a given week of contract work, in accordance with the Construction Manual, and request all overdue or missing payrolls immediately
• Ensure certified payrolls are collected from prime contractors and all subcontractors on a weekly basis, in accordance with federal law and the Construction Manual
• Consider modifying the Construction Manual to define the circumstances in which sanctions must be imposed upon contractors with incomplete, overdue or missing certified payrolls
Department’s Response
The Washington State Department of Transportation appreciate the State Auditor’s Office (SAO) audit of the Federal Highway Administration’s (FHWA) Program. The Department is committed to ensuring our programs comply with federal regulations.
As WSDOT indicated in previous years for similar findings, the draft audit finding does not consider the nature of the contractual relationship between the contractor and WSDOT as the owner. The owner's compliance with the Davis-Bacon Act and regulations cited in the finding is determined by collective actions specified by regulations and not merely by how many payrolls are collected from the contractor within an arbitrary 7-day window. WSDOT, in close consultation with the FHWA, has established contract administration processes with contingencies built in to address and correct for contractor noncompliance. In addition, WSDOT will not issue project Completion until all certified payrolls are collected (Standard Specifications 1-08.5.2, Time for Completion). FHWA guidance recommends actions to take if a contractor is habitually late in submitting payrolls but leaves it up to WSDOT to determine when sanctions should be imposed. WSDOT’s Standard Specifications (1-07.9(5)) on certified payrolls aligns with FHWA guidance. Sanctions are imposed as appropriate during the life of a contract. We also point out that SAO only reviewed the Department’s actions taken, such as sanctions, only as they applied to the original weeks tested, not for other weeks within the contract. Sanctions are taken when contractors meet certain criteria such as being habitually late. As a result, SAO did not review or consider all evidence we provided of sanctions taken on late payrolls during the contract period, when it was not within the weeks originally tested. We will continue to look for opportunities to improve our process as well as our documentation to demonstrate compliance with the Davis-Bacon Act requirements. In addition, we will continue consulting with FHWA for any further actions needed to resolve this finding. Changes to the Construction Manual just approved by FHWA in January 2025, will help to clarify timeliness in submission of certified payrolls and Department follow up actions, and should help clarify the rules we’re evaluated against regarding certified payrolls
In FHWA’s management decision letter of November 14, 2024, in response to a similar finding for FY 2023, the grantor states “FHWA believes that WSDOT’s procedures, in their entirety, contain the necessary controls to ensure reasonable compliance with 29 CFR 5.5 and FHWA Davis-Bacon and Related Acts Questions and Answers. Ensuring all certified payrolls are collected, and considering sanctions or other appropriate actions for missing payrolls using the methods outlined in WSDOT’s procedures provide sufficient internal control and reasonable compliance, notwithstanding the collection of the payrolls within a seven-day period. FHWA considers this finding to be resolved.”
In this year’s audit, the State Auditor sampled 85 weeks and the required 547 certified payrolls for contract work performed on federally funded construction projects during that period. WSDOT collected all the required 547 certified payrolls. SAO identified 29 payrolls that were “not collected by the Department before the end of the audit period”, however these payrolls were collected. Because these 29 payrolls were collected during a week that SAO had not tested, the auditor did not report the payrolls as collected. Of the 547 payrolls only 48 were 30-days or more late and only 25 (4.5%) were 60-days or more late. This result is below the exception threshold typically allowed by the State Auditor of 5%. At 60-days, the Department has its first opportunity to initiate sanctions against the contractor. Of the 25 payrolls that were at least 60-days late, WSDOT had imposed sanctions against a contractor, including withholding payment. WSDOT had also performed actions, such as notifying the contractors via email or during weekly meetings with the contractors. Sanctions prior to 60-days, are not feasible, as the contractors are paid monthly for the prior month’s work, and WSDOT has 30-days to process payments.
As indicated last year, WSDOT is in the midst of delivering its largest and one of its most complex construction programs in our history and is doing so with lower and less experienced staffing levels than it had to deliver past construction programs.
Auditor’s Remarks
In determining our audit opinion on the Department’s compliance, we did not give consideration to payrolls collected after the one-week due date that were also collected after the audit period ended. Regarding the 29 missing certified payrolls, based on Department records and PWIA, as of our audit, 10 of these payrolls had not yet been collected by the Department. The 19 payrolls that were eventually collected were received by the Department from July 2, 2024 to January 9, 2025, which is between 10 and 426 days beyond the one-week due date, and between two and 193 days after the audit period end date.
Our testing of contractor certified payrolls was designed to address the U.S. Department of Labor (USDOL) regulations outlined in the Davis-Bacon Act and related requirements concerning federally-funded construction projects (Title 29 CFR, Subpart A – Davis-Bacon and Related Acts Provisions and Procedures, Subsection 5.5). These requirements, in addition to the suggested audit procedures in Part 4 of the Uniform Guidance Compliance Supplement, were applied to our audit testing. Federal law requires for contractors and subcontractors participating in federal-aid construction projects to submit weekly and for each week certified payrolls to the Department. In addition, the Department’s Construction Manual requires contractors to submit certified payrolls on federal-aid projects weekly regardless of whether or not work was performed. Using these criteria expanded upon in the Applicable Laws and Regulations below, we do not believe our interpretation that payrolls should be collected in the week following the preceding payroll week’s ending date is arbitrary.
Furthermore, the USDOL Wage and Hour Division’s Final Rule (effective October 23, 2023) concerning the Davis-Bacon and Related Acts Regulations, stipulates that “contractors and subcontractors are required to provide certified payrolls to the contracting agency to demonstrate their compliance with Davis-Bacon Act requirements on a weekly basis,” and that “the Department cannot allow contractors to pay required prevailing wages or submit certified payrolls on a basis less frequent than weekly.”
We reviewed all documentation provided by the Department addressing late or missing contractor certified payrolls. The Department’s records show only two contract payments (only one of which corresponded to a week we examined as part of this audit) had partial payment withheld from the prime contractor. In addition, the Department only followed up on one-third of its overdue payrolls examined as part of this audit by submitting requests to the contractor to furnish the required payrolls as outlined in the Construction Manual. We believe these observations support our opinion that the Department’s internal controls were not sufficient to detect and correct material noncompliance with respect to the federal requirements. The Department also acknowledges in its response that approximately nine percent of its certified payrolls collected from contractors were more than 30 days late which we believe is significant, as the Department reviews pay estimates from prime contractors on a monthly basis, and this indicates that the Department is not following up on overdue contractor certified payrolls weekly as the Construction Manual requires.
The Department also states it is not feasible to impose sanctions upon contractors with habitually late payrolls before 60 days have passed from the week(s) of work ending due to its designed payment delivery method. Without ensuring its prime contractors have submitted certified payrolls for their employees and for all approved subcontractors performing work under the contract, the Department cannot ensure the contractor has paid prevailing wages to all laborers and mechanics, and that laborers have been paid on a weekly basis, as federal law requires.
We appreciate the Department’s willingness to re-define its contractor monitoring requirements in its Construction Manual with the federal grantor, and we expect that these revisions more narrowly define the expectations for what specific follow-up actions the Department must take against the contractor and define the timelines for performing necessary follow-up actions.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 29 CFR Part 5, Labor Standards Provisions Applicable to Contract Covering Federally Financed and Assisted Constructed (Also Labor Standards Provisions Applicable to Nonconstruction Contracts Subject to the Contract Work Hours and Safety Standard Act), section 5, Contract provisions and related matters, establishes the requirements for including prevailing wage clauses in federal-aid contracts, payment withholding, and required documents.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Federal Highway Administration Davis-Bacon and Related Acts Questions and Answers, section 56, states that contracting agencies are responsible for properly applying and enforcing prevailing wage requirements in covered contracts including:
a. Verifying that covered contracts have incorporated the required Davis-Bacon clauses and the applicable wage determination(s);
b. Verifying that the Davis-Bacon notice and the applicable wage determination(s) are displayed at the site of the work in a conspicuous location in clear view of everyone;
c. Reviewing certified payrolls in a timely manner;
d. Conducting employee interviews
e. Conducting reviews and investigations of covered contracts in conjunction with FHWA as appropriate;
f. Forwarding refusal to pay and/or debarment consideration cases to the USDOL Wage and Hour Division for appropriate action; and
g. Submitting enforcement reports and semi-annual enforcement reports to the USDOl Wage and Hour Division
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-07.9, Wages, states in part:
Federal Prevailing Wage
Enforcement of Federal Prevailing Wage Provisions
In addition to the requirements of Standard Specifications Section 1-07.9, all Contracts financed with Federal funding includes the Required Contract Provisions for Federal-Aid Construction Contracts (FHWA-1273). These provisions identify Federal wage requirements. The Federal prevailing wage requirements included in these provisions are also commonly referred to as Davis Bacon and Related Acts (DBRA). It is the Project Engineer’s responsibility to monitor and enforce these provisions to the degree necessary to ensure full compliance. In order to comply with these requirements, the Contractor must:
Submit weekly certified payrolls to the Project Engineer through LNI’s Prevailing Wage Intents and Affidavits (PWIA) system.
Ensure each Subcontractor, and each agent or lower-tier subcontractor submits weekly certified payrolls to the Project Engineer through PWIA.
SS1-07.9(5) Required Documents
Statement of Intent
Every Contractor, Subcontractor, agent, or lower tier subcontractor performing work on a public works contract must submit a Statement of Intent to Pay Prevailing Wages to LNI for approval. Separate Intents are required for each Request to Sublet submitted on the project. Hiring Contractors are required to file an Intent if they hire a lower tier subcontractor subject to prevailing wages.
Affidavit of Wages Paid
Prior to Contract Completion, the Contractor, all Subcontractors, agents and lower-tier subcontractors must submit an Affidavit of Wages Paid to the Project Engineer using PWIA. The form may be submitted earlier by a Subcontractor or lower-tier subcontractor if that firm’s work is completed prior to Completion of the Contract. All Affidavits must be approved by LNI prior to Contract Completion.
Certified Payroll
Certified payroll must be submitted to the Project Engineer through PWIA for each Contractor, Subcontractor, and each lower tier subcontractor performing work on the project, regardless of funding source or delivery method. Certified payrolls are required from the time each Firm begins performing Contract work until the time the Affidavit is visible in PWIA, or until the Contractor has identified their last certified payroll has been Submitted. Once the Affidavit is visible in PWIA, the Affidavit has been approved by LNI. The last working day is included on the Affidavit, and the Project Office should compare this date to the last certified payroll submitted.
A tracking sheet is required to document when Project Office staff verify that certified payrolls are received through PWIA. The frequency of verification depends on the funding source of the project. Weekly verification is required for federally funded projects, while monthly verification is required for state funded contracts. The tracking sheet needs to indicate that all active Contracts have been checked for late or missing certified payrolls. PWIA will be used to track requests made for missing certified payrolls. A separate tracking sheet may be used to track which certified payrolls have been verified for each Project.
Federally funded projects require weekly submittals. Further review of the payroll will be required to ensure the Federal prevailed wage rate is met using the Wage Determination included in the Contract Special Provisions.
Federally funded Contracts:
• Weekly submittals
• No leniency on late submittals
• Required for every week, whether work was performed or not
• Enforcement of all Federal requirements will remain WSDOT responsibility
Federally funded projects require weekly submittal of certified payrolls. If the Contractor is unable to submit their payroll electronically using PWIA, they must submit the certified payrolls directly to the Project Office.
Non-compliance or non-submittal could result in the Project Engineer withholding an
appropriate portion of payment (see Section SS 1-09.9).
The Washington State Department of Transportation’s Construction Manual (M41-01.43), April 2024 edition, section 1-09, Measurement and Payment, states in part:
Withholding of Payments
Withholding payments for the work the Contractor has performed and completed in accordance with the contract should not be done casually. There must be clear contract language supporting the action. The authority to withhold progress payments is subdelegated to the Regions. Further delegation to the Project Engineers is at the discretion of each Region.
Delinquent Contractor Submittals
Missing submittals is a principal source of delays in closing out the project and processing the final estimate. As the project proceeds toward completion, the Project Engineer and the Contractor should attempt to obtain all submittals as the need arises. These might include such things as materials certificates, certified payrolls, extension of time requests, or any other item or document that delay processing the final estimate.
2024-014 The Washington State Department of Transportation did not have adequate internal controls over and did not comply with quality assurance program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Assistance Listing Number and Title: 20.205 Highway Planning and Construction
Federal Grantor Name: U.S. Department of Transportation
Federal Award/Contract Number: Too numerous to list. All approved subaward projects under the Federal Highway Administration Stewardship and Oversight Agreement.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Quality Assurance Program
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-014
Background
The Washington State Department of Transportation receives federal funding under the Highway Planning and Construction Program for highway construction projects throughout the state. Some of these projects are awarded to contractors who perform the work on behalf of the Department. The Department spent about $818 million in federal Highway Planning and Construction program funds during fiscal year 2024. Of that amount, it spent more than $389 million on state-administered construction projects.
Federal regulations require that the Department have a quality assurance (QA) program, approved by the Federal Highway Administration (FHWA), for construction projects on the National Highway System to ensure that materials and workmanship conform to approved plans and specifications. Verification sampling must be performed by qualified testing personnel employed by the Department or its designated agent, excluding the contractor.
The Department’s QA program requirements are outlined in the Construction Manual, which is approved by the FHWA. This manual documents how materials are tested for acceptance before being incorporated into construction projects. Materials can be accepted in various ways, such as sample testing, a visual inspection documented by the Field Note Record or Inspector’s Daily Report, or a certification of compliance from the manufacturer. If a materials test is required, the Department must ensure that only qualified people perform the testing, including independent testers, consultants or certified Department employees.
To ensure that materials incorporated into a project meet approved plans and specifications, the Department prepares a list of prescribed materials to be used on the project. The Department uploads this list to a program called the Record of Materials (ROM). The ROM sets forth the materials and quantities that are expected to be used on the project, and it documents the proper acceptance criteria, including any test(s) personnel are required to perform on a material.
To ensure that only qualified people perform the testing, testers must pass a certification exam, which consists of a written and performance exam. After passing both, the testers are entered into the Qualified Tester Database and are certified for five years, after which they must recertify by passing both exams again. There are two different types of tester qualifications: module and method. Module testers are proficient in multiple method tests that can encompass all method tests for a particular material, whereas method testers may only be proficient in particular tests for any given material.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed materials testing for projects funded by the Highway Planning and Construction program. The prior finding numbers were 2023-014, 2022-011, 2021-011, 2020-017 and 2019-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with QA program requirements to ensure materials conformed to approved plans and specifications, and that only qualified personnel performed testing for projects funded by the Highway Planning and Construction program.
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
We used a statistical sampling method and randomly selected and examined 58 out of a total population of 1,687 materials that were used on federally funded projects during state fiscal year 2024. For the 58 randomly selected materials, we requested supporting documentation for acceptance and/or testing of the material. We found:
• One material where the Department did not obtain the manufacturer’s certificate of compliance
• One material where the project engineer did not perform testing in accordance with the Department’s Standard Specifications
Testing personnel were not properly certified
We obtained data from the Department to identify materials tested for acceptance during the audit period. Using this data, we identified 1,080 unique tester and acceptance test types corresponding to the materials tested. We used a statistical sampling method and randomly selected and examined 57 out of the 1,080 to verify whether the testers performing materials testing for the Department had all required documents to support the tester’s certification. We found:
• One instance where the tester was missing a required exam for certification
• Three instances where the Department was unable to provide documentation to support that the tester met certification requirements
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Materials acceptance testing did not conform to Standard Specifications and the Construction Manual
Management did not adequately monitor project offices to ensure all required materials testing and acceptance occurred in accordance with the Construction Manual.
Testing personnel were not properly certified
Project Engineers did not ensure tester qualifications were current, and management did not ensure that only qualified testers performed materials testing and acceptance on behalf of the Department.
Effect of Condition
By not adequately monitoring project materials to ensure they conform to approved plans and specifications, the Department does not have reasonable assurance that materials incorporated into projects conform to standard specifications and the Construction Manual.
By not properly verifying and documenting the testers’ qualifications, the Department risks improper material testing. This could result in the Department using materials that may not conform to approved plans and specifications.
Recommendations
We recommend the Department:
• Improve internal controls, and monitor project offices, to ensure that required sampling activities occur, as required, and permanently incorporated materials conform to standard specifications for all federal aid construction projects
• Strengthen internal controls to ensure testers have completed all required exams and that they have proper documentation of passing these exams before performing sampling activities
• Continue to review all testers to ensure they meet the minimum requirements for certification before performing materials testing on projects receiving federal aid
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office (SAO) audit of the Federal Highway Program and the federally required Quality Assurance (QA) program. The Department is committed to ensuring our programs continue to comply with federal regulations and recognizes that there are always opportunities for improvement to its QA program.
The Department continues towards replacement of its ROM legacy system; therefore, it was not practical to modify this system to help correct issues reported in a similar finding in previous Single Audits. Instead, the Department eliminated its practice requiring updates to the ROM within 30 days of payment and instead relies on the required documentation, as evidence of proper material acceptance. In addition, WSDOT modified its practice related to how tester data is reviewed and entered into the tester certification tracking system, as a result of audit recommendations from a prior audit, however this change was not formally adopted into policy until the Construction Manual was approved in April 2024. All offices now funnel tester data to the Headquarters Quality Assurance Program for review and entry. These changes to practices were communicated to appropriate staff and are reflected in the Construction Manual, which was reviewed and approved by FHWA.
Materials Acceptance
The construction contracts awarded in FY24 utilizing federal funding contained more than 4,600 materials and SAO identified 1,687 that required testing. SAO examined documentation for 58 materials that required testing. Through our review of SAO’s exceptions the Department found only 2 materials (3.4%) where we could not provide documentation to support that testing occurred or was not required.
Testing Personnel Certifications
FY24 had over 7,000 materials tested. The State Auditor selected and reviewed documentation for 57 tests and whether the testers performing materials testing activities for the Department had all required documents to support their certification and took exception to documentation provided. The Department had 3 testers perform material acceptance tests before they passed their certification testing and could not locate the required exam for 1 tester.
The Department has worked closely with the Federal Highway Administration (FHWA) on our QA program and continues to receive feedback from them on the strength of our program. The Department will continue to put improvements in place for the QA program based on the SAO audit recommendations. These issues will be discussed at the 2025 Material Assurance Training offered 3/19/2025, and we will continue to deliver other training to Project Engineering Offices to emphasize QA program requirements throughout the year.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 23 U.S. Code of Federal Regulations (CFR) Part 637, Construction Inspection and Approval establishes the following applicable requirements:
Section 637.201 Purpose
To prescribe policies, procedures, and guidelines to assure the quality of materials and construction in all Federal-aid highway projects on the National Highway System.
Section 637.205 Policy
a. Quality assurance program. Each STD shall develop a quality assurance program which will assure that the materials and workmanship incorporated into each Federal-aid highway construction project on the NHS are in conformity with the requirements of the approved plans and specifications, including approved changes. The program must meet criteria in (Section 637.207) and be approved by the FHWA.
b. STD capabilities. The STD shall maintain an adequate, qualified staff to administer its quality assurance program. The State shall also maintain a central laboratory. The State’s central laboratory shall meet the requirements in (Section 637.209(a)(2))
c. Independent assurance program. Independent assurance samples and tests or other procedures shall be performed by qualified sampling and testing personnel employed by the STD or its designated agent.
d. Verification sampling and testing. The verification sampling and testing are to be performed by qualified testing personnel employed by the STD or its designated agent, excluding the contractor and vendor.
e. Random samples. All samples used for quality control and verification sampling and testing shall be random samples.
Section 637.207 Quality assurance program
a. Each STD’s quality assurance program shall provide for an acceptance program and an independent assurance (IA) program consisting of the following:
1. Acceptance program.
i. Each STD’s acceptance program shall consist of the following:
A. Frequency guide schedules for verification sampling and testing which will give general guidance to personnel responsible for the program and allow adaptation to specific project conditions and needs.
B. Identification of the specific location in the construction or production operation at which verification sampling and testing is to be accomplished.
C. Identification of the specific attributes to be inspected which reflect the quality of the finished product.
ii. Quality control sampling and testing results may be used as part of the acceptance decision provided that:
A. The sampling and testing has been performed by qualified laboratories and qualified sampling and testing personnel.
B. The quality of the material has been validated by the verification sampling and testing. The verification testing shall be performed on samples that are taken independently of the quality control samples.
C. The quality control sampling and testing is evaluated by an IA program.
The Department of Transportation’s Construction Manual (M41-01), Chapter 9: Materials, states in part:
9-1 General
The quality of materials used on the project will be evaluated and accepted in various ways, whether by testing of samples, visual inspection, or certification of compliance. This chapter details the manner in which these materials can be accepted. Requirements for materials are described in Standard Specifications for Road, Bridge, and Municipal Construction M 41-10 Section 1-06 and Division 9.
It is the Project Engineer’s responsibility to accept materials in accordance with this chapter. For materials that do not meet specification requirements, the Project Engineer shall contact the State Construction Office which will coordinate with the State Materials Engineer or Assistant State Materials Engineer to determine the appropriate action.
9-1.2C Record of Materials
The Project office is required to maintain documentation in the project records on quantities paid, quantities placed, quantities field verified for materials that have sampling frequencies, WSDOT Fabrication Inspection items, or where quantities are needed for Acceptance Criteria such as Manufacturer Certificate of Compliance. Any changes to the acceptance requirements, additional permanently incorporated materials used, or any additional materials added to the project by change order or force account need to be documented and tracked in the project records.
9-5.3 WSDOT Testing Technician Qualification Program (WTTQP)
All testing Technicians that conduct QA/QV testing shall be certified through the WTTQP. For registration information contact the Region Independent Assurance Inspector.
The purpose of this program is to provide uniform statewide testing by ensuring testing technicians meet the WTTQP module certification and method qualification process below. This program is based on AASHTO R 25.The State Quality Systems Manager performs oversite of WSDOT’s Testing Technician Qualification Program (WTTQP). The Quality Systems Section at the State Materials Laboratory is responsible for maintaining the Tester Qualification database information for all WTTQP Testing Technicians. A Testing Technician will not be certified or qualified until listed as “Available” by the Quality Systems Manager.
The Region Independent Assurance Inspectors are responsible for entering their region data into the Tester Qualification database and submitting the WTTQP internal certification or qualification records to the Quality Systems Section.
2024-015 The Housing Finance Commission did not have adequate internal controls over eligibility requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-022
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission is required to ensure all homeowners who receive HAF funds are eligible for the program. The HAF Plan Term Sheet, approved by the federal grantor, outlines the general eligibility requirements for the program. The Commission entered into an agreement with a contractor to perform eligibility determinations for the program. As part of the agreement, the contractor reviews eligibility determinations for 10% of applications that were approved, denied and withdrawn each quarter. To ensure the contractor made the correct determinations, Commission staff reviews eligibility determinations that the contractor reviewed. For the first two quarters of the year, Commission staff reviewed 10% of the eligibility determinations reviewed by the contractor then increased this review to 20% for the last two quarters.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Commission did not have adequate internal controls over eligibility requirements. The prior finding number was 2023-022.
Description of Condition
The Commission did not have adequate internal controls over eligibility requirements for the HAF program.
During the first two quarters of the audit period, the Commission only reviewed 1% of all approved, denied and withdrawn applications. During the third quarter, the Commission increased its review to 2% of all approved, denied and withdrawn applications. The determinations that staff reviewed were only taken from those that the contractor selected, so the Commission had no assurance that the application determinations the contractor did not select were made properly. During the last month of the year, the Commission began reviewing eligibility determinations of all applicants before issuing a payment. Because the Commission did not perform any additional independent reviews for 11 out of the 12 months, we determined the Commission did not perform an adequate level of review to ensure proper eligibility determinations were made for the program as a whole.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Management believed the level of review Commission staff performed was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without establishing adequate internal controls, the Commission is at a higher risk of paying ineligible homeowners. Additionally, by only reviewing cases that the contractor selected, there is a risk that the eligibility determinations that Commission staff reviewed were not representative of the program as a whole.
Recommendations
We recommend the Commission:
• Improve internal controls to ensure it only provides HAF funds to eligible homeowners
• Ensure that Commission staff perform and document an adequate review of approved, denied and withdrawn HAF applications that are independent of those the contractor reviewed
Commission’s Response
The Commission concurs with this finding.
In response to the prior year’s finding, the Commission doubled its quality control review, participates in the selection of QC files and conducts an independent of those verified by the contractor to ensure a more representative population. In addition, the Commission immediately implemented an independent review of all payments for eligibility under the HAF Program guidelines prior to disbursing funds. The Commission implemented these changes in late FY 2024.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Eligibility. Under this program, HAF participants are responsible for ensuring funds are used for eligible purposes. Generally, HAF participants must develop and implement policies and procedures, and record retention, to determine and monitor implementation of criteria for determining the eligibility of beneficiaries and / or Subrecipients. HAF participants, and if applicable, the Subrecipient(s) administering a program on behalf of the HAF participant, will need to maintain procedures for obtaining information evidencing a given beneficiary, Subrecipient, or contractor’s eligibility, including a valid SAM.gov registration. Implementing risk-based due diligence for eligibility determinations is a best practice to augment your organization’s existing controls.
2024-016 The Housing Finance Commission did not have adequate internal controls over earmarking requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-023
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission must meet earmarking requirements for the following four categories:
1. Counseling or educational efforts by housing counseling agencies approved by the U.S. Department of Housing and Urban Development (HUD), tribal government (including such efforts by in-house housing counselors who are HUD certified or tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
2. Planning, community engagement, needs assessment and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
3. Participants are providing not less than 60% of funds to homeowners with income less than 100% of area median income (AMI) or 100% of U.S. median income.
4. Participants target homeowners who are classified as socially disadvantaged individuals (SDIs) and 100% AMI or less.
The Commission is required to meet the requirements of the first, second and third earmarks when the HAF funds are fully expended. When administering the program, the Commission is required to have processes in place to track these requirements to ensure it is compliant at the end of the award.
The HAF Plan, approved by the federal grantor, outlines the program design and the budget allocation for the earmarking categories. These amounts are based on the award being fully expended. For the first two earmarking requirements, the Commission used these budgets to contract for necessary services. Commission staff then maintained a tracking spreadsheet to ensure payments did not exceed the contracted amount.
For the third earmark requirement, the Commission allocated 77% of the HAF award to homeowners, and it required all homeowners to have an income less than 100% AMI. For the fourth earmark requirement, the Commission contracted with a contractor to perform outreach targeting SDIs and those that are less than 100% AMI.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Commission did not have adequate internal controls over earmarking requirements. The prior finding number was 2023-023.
Description of Condition
The Commission did not have adequate internal controls over earmarking requirements for the HAF program.
During the audit period, the Commission tracked contractor payments applicable to the first and second earmarking requirements. However, expenditures were tracked in relation to the amounts budgeted in the HAF Plan. The Commission did not review these expenditures in relation to overall program expenditures to ensure they were on track to be compliant with the established earmarks.
For the third earmarking requirement, the Commission relied on eligibility determinations made by a contractor to ensure all homeowners in the HAF program have income less than 100% AMI. We determined the Commission did not have an adequate process to ensure all applicants met eligibility requirements. This condition is reported as a material weakness in internal controls in audit finding 2024-015.
We did not identify any internal control deficiencies over the fourth earmarking requirement.
We consider this internal control deficiency described above to be a material weakness.
Cause of Condition
While Commission staff tracked payments made to contractors allocated in the HAF Plan, management did not implement procedures to track these amounts to the total program expenditures to be able to ensure compliance.
Additionally, management believed the level of eligibility determination review Commission staff performed was adequate to ensure proper eligibility determination for all HAF applicants.
Effect of Condition
Without adequate internal controls, the Commission is at risk of not meeting the earmarking requirements when the award closes if budget allocations change or the award is not fully expended.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure that it tracks and meets the earmarking requirements
• Improve internal controls to ensure eligibility determinations are made properly
Commission’s Response
The Commission concurs with this finding.
In response to the prior year’s finding, the Commission is implementing a monthly review of drawdown rates to track and meet earmarking requirements relative to expenditure levels. Additionally, the Commission doubled its quality control review, participates in the selection of QC files and conducts an independent of those verified by the contractor to ensure a more representative population. In addition, the Commission immediately implemented an independent review of all payments for eligibility under the HAF Program guidelines. The auditor’s recommendations and the Commission’s implementation began in late FY 24 and was not wholly reflected in this current audit.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund Guidance, states, in part:
Qualified Expenses:
Counseling or educational efforts by housing counseling agencies approved by HUD or a tribal government (including such efforts by in-house housing counselors who are HUD certified or Tribally approved), or legal services, targeted to households eligible to be served with funding from the HAF related to foreclosure prevention or displacement, in an aggregate amount up to 5% of the funding from the HAF received by the HAF participant.
Planning, community engagement, needs assessment, and administrative expenses related to the HAF participant’s disbursement of HAF funds for qualified expenses, in an aggregate amount not to exceed 15% of the funding from the HAF received by the HAF participant.
2024-017 The Housing Finance Commission did not have adequate internal controls over reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-025
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission implemented a pilot program before launching the main HAF program. The Commission contracted with a contractor to help implement the main HAF program and maintain participant data. The Commission is required to submit an annual performance report that provides an overview of its intended and actual uses of funding to-date for the pilot and main HAF programs. The federal grantor identified two key lines items on the report that contained critical information:
1. Socially Disadvantaged Individuals (SDIs) – Quantifiable Objective Criteria: Participants are providing not less than 60% of funds to homeowners with income less than 100% area median income (AMI) or 100% of U.S. median income.
2. AMI – Quantifiable Objective Criteria: Participants target homeowners that are classified as SDI and 100% AMI or less.
The HAF Plan, approved by the federal grantor, outlines the budget allocations, goals and types of assistance for the Washington HAF program. The HAF reporting portal automatically populates each section of the annual report template with information from this plan. The Commission is required to submit a narrative on the status of each section. Commission staff use participant data provided by the contractor to complete the report template. Once completed, the preparer submits the report in the HAF reporting portal without management review.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Commission did not have adequate internal controls over and did not comply with reporting requirements. The prior finding number was 2023-025.
Description of Condition
The Commission did not have adequate internal controls over reporting requirements for the HAF program.
The contractor only provided summary-level data to the Commission at the time of reporting. As a result, Commission staff did not have detailed supporting documentation to review to verify that the total amounts in the contractor’s reports were complete and accurate. Additionally, the Commission did not have documented evidence to support that management reviewed the annual report before submission.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Commission did not require the contractor to submit detailed support for the total numbers provided for reporting to ensure all categories were included. Additionally, the Commission did not ensure adequate management review of the report before submission.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the detailed supporting documentation to ensure the correct data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
Commission’s Response
The Commission concurs with this finding.
The Commission has implemented a system of controls and management review to ensure that data reported to the federal grantor is complete and accurate. The auditor’s recommendations came after the FY 23 Annual Report was filed and will be reflected in the upcoming FY24 Annual Report. The new process has been used in the quarterly reporting.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
(a) The Federal agency must require only OMB-approved government-wide data elements on recipient financial reports. At the time of publication, this consists of the Federal Financial Report (SF-425); however, this also applies to any future OMB-approved government-wide data elements available from the OMB-designated standards lead.
(b) The Federal agency or pass-through entity must collect financial reports no less than annually. The Federal agency or pass-through entity may not collect financial reports more frequently than quarterly unless a specific condition has been implemented in accordance with § 200.208. To the extent practicable, the Federal agency or pass-through entity should collect financial reports in coordination with performance reports.
(c) The recipient or subrecipient must submit financial reports as required by the Federal award. Reports submitted annually by the recipient or subrecipient must be due no later than 90 calendar days after the reporting period. Reports submitted quarterly or semiannually must be due no later than 30 calendar days after the reporting period.
(d) The final financial report submitted by the recipient must be due no later than 120 calendar days after the conclusion of the period of performance. A subrecipient must submit a final financial report to a pass-through entity no later than 90 calendar days after the conclusion of the period of performance. See also § 200.344. The Federal agency or pass-through entity may extend the due date for any financial report with justification from the recipient or subrecipient.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of the Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
HAF participants are required to submit an Annual Performance Report on an annual basis and demonstrate the impact of the HAF-financed programs. Reports should include data related to program outputs and outcomes against the stated objectives of the HAF participant’s HAF Grant Plan.
Performance Goals
HAF participants initially submitted performance goals on the use of HAF awarded funds in their approved Grantee Plan. Each one of the performance goals should have identified how the HAF participant will address homeowner needs and should have been disaggregated by key characteristics such as mortgage type, racial and ethnic demographics, and/or geographic areas, as appropriate. HAF participants will be required to provide a status update and quantitative measures, if applicable, on each of their initial performance goals set forth in their Grantee Plan. Please note, HAF participants will not have the ability to alter their original performance goals noted in their Grantee Plan nor add additional performance goals in the Annual Report.
Methods for Targeting and HAF Funding
HAF participants were asked in their original Grantee Plan to describe how the HAF participant will effectively target HAF award funds to (1) homeowners with incomes equal to or less than 100% of the area median income or equal to or less than 100% of the median income for the United States, whichever is greater; and (2) socially disadvantaged individuals. The description included the HAF participant’s targeting strategies. HAF participants will be required to provide an update on their targeting methods and if they have appropriately executed targeting methods according to their original Grantee Plan.
2024-018 The Housing Finance Commission did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program.
Assistance Listing Number and Title: 21.026 COVID-19 Homeowner
Assistance Fund
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: None
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-024
Background
The American Rescue Plan Act of 2021 provided $9.96 billion to the Homeowner Assistance Fund (HAF) program. The U.S. Department of the Treasury provides funds directly to states, U.S. territories and Indian tribes to assist eligible homeowners experiencing financial hardship due to the COVID-19 pandemic. Program funds can be used to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and homeowner displacement. The law prioritizes funds for homeowners who have experienced hardships, leveraging local and national income indicators to maximize the program’s impact.
The Housing Finance Commission administers the HAF program in Washington. In fiscal year 2024, the Commission spent about $70.8 million in HAF funds. The Commission is required to submit quarterly financial reports that have information on the cumulative obligations and expenditures to date. These reports are due 45 days after the end of each quarter. The federal grantor specified there were two key lines items on the report that contained critical information:
1. Administrative Expenses – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 15% for admin expenses.
2. Services, Counseling & Education – Quantifiable Objective Criteria: Obligations and expenditures do not exceed 5% for legal services, counseling and education.
The HAF Plan, approved by the federal grantor, outlines the budget allocation of administrative, services, counseling and education expenditures. Administrative expenses are subcategorized by 10 program design elements, and counseling and education expenses are subcategorized by two program design elements. The Commission is required to report expenditure and obligation data on each program design element. The Commission uses these allocations to contract required services. Commission staff maintain a tracking spreadsheet for HAF obligations and payments made to contractors. For the 2023 quarter three report, Commission staff use data from this spreadsheet to fill out the quarterly reporting template. For the 2023 quarter four report and subsequent reports, the Commission used this spreadsheet to report obligations and then used accounting data for expenditures. Once completed, the Commission submits the report in the HAF reporting portal.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Homeowner Assistance Fund program. The prior finding number was 2023-024.
Description of Condition
The Commission did not have adequate internal controls over and did not comply with reporting requirements for the HAF program.
The spreadsheets used to track obligation and expenditure data for the 2023 Q3 report was not accurate and complete. We determined staff were reporting expenditures that had not been paid in the expenditure category instead of as obligations. We also determined staff made errors when recording the obligation amounts. These errors included not properly realizing all the expenditures in the accounting system, not realizing all administrative obligations and including obligations that were not supported. Starting with the 2023 Q4 report and the subsequent reports, the Commission used accounting data when reporting on expenditures.
We examined all four quarterly reports and all four reports that we examined had errors, as summarized below.
In the 2023 Q3 report we noted:
• For key line item one, nine out of 16 sections had errors.
o The range of these discrepancies for obligations was between $393,154 underreported to $1,120,000 overreported. The variances of these discrepancies ranged from -100% to 127.27%.
o The range of these discrepancies for expenditures was between $394,154 underreported to $246,382 overreported. The variances of these discrepancies ranged from -100% to 13.44%.
• For key line item two, two out of four sections had errors.
o The one discrepancy for obligations was $911,060 overreported. This is a variance of 20.25%.
o The one discrepancy for expenditures was $272,800 underreported. This is a variance of -10.06%.
In the 2023 Q4 report we noted:
• For key line item one, one out of 16 sections had errors.
o The one discrepancy for obligations was $1,120,000 overreported. This is a variance of 127.27%.
• For key line item two, one out of four sections had errors.
o The one discrepancy for obligations was $1,239,000 underreported. This is a variance of -27.53%.
In the 2024 Q1 report we noted:
• For key line item one, two out of 16 sections had errors.
o The one discrepancy for obligations was $72,675 overreported. This is a variance of 6.39%.
o The one discrepancy for expenditures was $135,223 underreported. This is a variance of -12.09%.
• For key line item two, one out of four sections had errors.
o The one discrepancy for obligations was $807,986 overreported. This is a variance of 17.96%.
In the 2024 Q2 report we noted:
• For key line item one, one out of 16 sections had errors.
o The one discrepancy for obligations was $322,758 overreported. This is a variance of 28.36%.
• For key line item two, one out of four sections had errors.
o The one discrepancy for obligations was $807,986 overreported. This is a variance of 17.96%.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The reports are mainly comprised of obligations recorded through contracts and financial information recorded in the Commissions accounting system. The 2023 Q3 report did not rely on this data when reporting on expenditures and obligations. Commission officials said there was a lack of coordination between program and finance staff in compiling this report to ensure the correct data was used. Furthermore, the Commission did not require management to review the reports and their supporting documentation before submitting them to the grantor.
Beginning with the 2023 Q4 report, the Commission changed its process to rely on the correct data and implemented a second review. However, there was an error in the calculation for the obligation amounts that the Commission staff said they corrected starting with the 2024 Q3 report. Additionally, for the one expenditure discrepancy, staff did not update the amount from the prior quarterly report. While the Commission implemented a second review, it was not performed effectively to identify these errors.
Effect of Condition
Without establishing adequate internal controls, which should include reviewing the reports and the supporting documentation to ensure the correct source data is reported, management cannot ensure that the reports are complete and accurate.
Recommendations
We recommend the Commission:
• Establish effective internal controls to ensure the reports are accurate and complete
• Ensure that management performs and documents an adequate review of the supporting documentation before submitting reports to the grantor
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Commission’s Response
The Commission concurs with this finding.
The Commission will strengthen its system of controls and review processes to ensure that data reported to the federal grantor is complete and accurate. In addition, the Commission will confirm with the grantor to determine if revision is necessary.
Auditor’s Remarks
We thank the Commission for its cooperation and assistance throughout the audit. We will review the status of the Commission's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 328, Financial reporting, states:
Unless otherwise approved by OMB, the Federal awarding agency must solicit only the OMB-approved governmentwide data elements for collection of financial information (at time of publication the Federal Financial Report or such future, OMB-approved, governmentwide data elements available from the OMB-designated standards lead. This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting. The Federal awarding agency must use OMB-approved common information collections, as applicable, when providing financial and performance reporting information.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The U.S. Department of Treasury’s Homeowner Assistance Fund: Guidance on Participant Compliance and Reporting Responsibilities, states, in part:
Programmatic Information Requirements
The following programmatic information will be required in Quarterly Reports.
f. Program(s) Information- HAF participants will provide information on all HAF programs. Programs are new or existing eligible government services or investments funded in whole or in part by HAF funding. For each program, the HAF participant will be required to enter the following information:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
g. Expenditures- HAF participants are required to report the HAF assistance expended or spent by the HAF participant. HAF participants will be asked to report expenditures on a cumulative basis at the following levels: the participant-level, program-level, and program design element-level. At the participant-level, HAF participants will be asked to disaggregate expenditures or amounts expended by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Expenditures broken out by Program Design Element.
h. Obligations- HAF participants are required to report the HAF assistance obligated. HAF participants will be asked to report obligations on a cumulative basis at the participant level, program-level, and program design element-level. HAF participants will be asked to disaggregate participant-level obligations by the categories noted under the Disaggregated Information requirement below.
• The information provided in this section will relate to the HAF Grantee Plan Budget Obligations broken out by Program Design Element.
i. Program Design Elements Covered- HAF participants will report on each of their HAF term sheets identified programs and their respective program design elements. HAF participants that provide funding for housing counseling and legal services will also report in this section. HAF participants will create a new line item for each program design element and tie the program design element to a specific program. Please reference Appendix 3 for Program Design Element categories and descriptions. HAF participants will be expected to report the following for each specific program design element within a program:
• Total Obligations Cumulative to Calendar Quarter end date;
• Total Expenditures Cumulative to Calendar Quarter end date;
• Number of Homeowners Assisted Cumulative to Calendar Quarter end date; and,
• Number of SDIs Assisted Cumulative to Calendar Quarter end date.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-019 The Department of Commerce did not have adequate internal controls to ensure payments to subrecipients were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-027
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. The prior finding numbers were 2023-027, 2023-028 and 2022-019.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported and met period of performance requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for allowable activities and period of performance.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with activities allowed, cost principles and period of performance requirements. Therefore, we were unable to assess the adequacy of internal controls over expenditures reimbursed to subrecipients to determine the Department’s compliance with these compliance requirements.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it and its subrecipients are using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the allowable costs and cost principles and period of performance requirements.
Department’s Response
The Department received a significant amount of SLFRF funding which was issued largely by proviso to various programs. The programs who received funding operated on their own internal control structures based on the guidance in place at the time and provided to them as part of their proviso. The programs audited in the prior year were not audited again in the current audit so any deficiencies reported in the prior year are not tied to the programs reported in this finding. The Department does have significant controls in place for activities allowed or unallowed, allowable costs/cost principles and period of performance.
The Washington State Auditor’s Office (SAO) starting the planning for this audit in late in the audit cycle in October 2024 and on November 1, 2024 the Internal Control Officer met with the Assistant Audit Manager to confirm two programs would be audited for the SLFRF audit. Internal Control Office (ICO) staff met with program staff to document their internal control processes. Less than a week later SAO changed their audit scope and added three more separate programs, two with different internal control structures. SAO required receipt of internal controls in writing which Commerce was able to fulfill for three of the programs, however, since the SAO was late in completing the planning, scoping and start of the audit, Commerce leadership made the decision to bypass the internal control work confirmation. It is important to note that the Code of Federal Regulation was updated in 2024 that starting on October 1, 2024 internal controls were required to be documented. That code did not apply to these programs as their award start was in 2023, yet SAO required key controls to be documented.
The Department supports that the programs audited had established controls that were in place and working effectively and that three of the five program controls were documented prior to the request made by the auditor.
The SAO is not able to meet the Federal Audit Clearinghouse deadline for this audit, however, the Department was given a very short window in which to complete an audit of five different internal programs. It is our hope that all future audits are started within in timeframe early enough to allow staff to appropriately fill all audit requests and provide documentation to support the mission of the audit.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs,
describes the general criteria in order for a cost to be allowable under federal awards, including
being adequately documented.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-020 The Department of Commerce did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRFP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF, more than $102 million of which the Department of Commerce spent.
The Department primarily used SLFRF to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure compliance with suspension and debarment requirements for the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for suspension and debarment.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with suspension and debarment requirements. Therefore, we were unable to assess the adequacy of internal controls over suspension and debarment to determine the Department’s compliance with the compliance requirement.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are not suspended or debarred from receiving or participating in federal awards.
Recommendation
We recommend the Department establish and document internal controls sufficient to prevent and detect noncompliance with the suspension and debarment requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls over suspension and debarment requirements. All Department contract templates include a suspension and debarment clause that when signed, confirms the contractor is not suspended or debarred from receiving federal funds. This clause meets the standard required in the Code of Federal Regulations. The past several audits completed by the SAO and other entities have concluded this control to be in place and working effectively.
While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 2 CFR Part 180, OMB Guidelines on Agencies on Government Wide Debarment and Suspension (Nonprocurement) establishes non-procurement debarment and suspension regulations.
2024-021 The Washington State Department of Transportation did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of Treasury
Federal Award/Contract Number: CSLFRF are direct deposit funds from the Treasury Office and are not classified as grants.
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Procurement and Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs.
Federal regulations require states to follow the same policies and procedures for procuring goods and services with federal grant funds as they do with non-federal funds. In Washington, state agencies are required to follow state law as well as policies and procedures established by the Department of Enterprise Services when procuring goods and services. The Department utilizes two types of construction contracts: Design-build and design-bid-build. Under a design-build contract, the contractor will engineer the project and build it. In a design-bid-build contract, the Department engineers the project’s design and the contractor builds it based on the Department’s plans and specifications.
Federal requirements prohibit award recipients from contracting with parties suspended or debarred from doing business with the federal government. Whenever the Department of Transportation contracts for construction projects that it will pay in whole, or in part with federal funds, it must verify the contractor is not suspended or debarred from doing business with the federal government. The Department can verify a contractor’s status by obtaining written certification from the contractor, inserting a clause into the contract stating the contractor is not suspended or debarred, or checking the U.S. General Services Administration’s Excluded Parties List System. The Department must meet one of these requirements before awarding a contract, and it must keep documentation demonstrating compliance with this federal requirement.
Federal requirements also require contractors to not knowingly enter into any lower tier covered transaction with a person who is debarred, suspended, declared ineligible or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency entering into this transaction. Federal regulations stipulate that the Department must incorporate Form FHWA-1273, Required Contract Provisions Federal-Aid Construction Contracts in all construction contracts, including subcontracts and lower-tier subcontracts for all construction projects receiving federal aid.
The Department’s Advertisement and Award Office is responsible for awarding and executing contracts for state highway projects. Projects are advertised through the Department’s regional offices in accordance with state law and the Department’s Advertisement and Award Manual (M 27-02.06). The Department’s regional offices are required by the Advertisement and Award Manual to assess the risk level of each project and to obtain approval from the Headquarters Construction Office to proceed with advertising a project assessed at Risk Level 2 or 3. In addition, the Department administers design-build construction projects according to the provisions of its Design-Build Manual (M 3126.08).
In fiscal year 2024, the Department awarded about $325 million to contractors participating in construction projects under the Coronavirus State and Local Fiscal Recovery Funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate controls over and did not comply with procurement and suspension and debarment requirements for the SLFRF.
Specifically, we found the Department’s procedures were not effective to ensure it met procurement requirements and that it communicated the requirement to contractors to ensure any lower-tier subcontracts include requirements to certify suspension and debarment of lower-tier subcontractors.
We examined all five contracts totaling about $325 million awarded by the Department during the audit period. We found:
• Three design-build contracts totaling $287 million (60 percent) were not adequately reviewed by management to ensure they contained the requirement for the contractor to pass down the requirement to comply with federal suspension and debarment requirements to lower-tier subcontractors.
• One design-build contract totaling $102.3 million (20 percent) did not include the required Form FHWA-1273 in the contract provisions, including requiring the contractor not to enter into contracts or sub-contracts with suspended or debarred parties at the next lower level. The Department did, however, verify the suspension and debarment status of the prime contractor prior to executing the contract.
• Two design-build contracts totaling $184.7 million (40 percent) did not have documentation demonstrating that the Headquarters Construction Office approved the projects for advertisement, assessed at Risk Level 3, as required by the Advertisement and Award Manual.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not effectively monitor each contract awarded to ensure that it had proper documentation of Headquarters Construction Office approval to advertise projects for award, as required by Department policies. Management did not adequately monitor each solicitation to ensure it met the requirements for advertisement in accordance with the Advertisement and Award Manual and the Design-Build Manual.
Additionally, management did not adequately review contracts executed to ensure they included suspension and debarment requirements and the required Form FHWA-1273 in the contract provisions.
Effect of Condition
By not establishing adequate internal controls over procurement, the Department is at an increased risk of improperly awarding contracts on construction projects. By not complying with Advertisement and Award Manual requirements, the Department is at an increased risk of awarding contracts to entities without promoting fair and open competition for bidding on Department projects.
By not complying with suspension and debarment requirements, the Department is at an increased risk of entering into a covered transaction with an excluded party. As a result, any payments made to an excluded party would be unallowable, and the grantor could potentially recover the funds from the Department.
Recommendation
We recommend that the Department:
• Establish effective internal controls to ensure it procures goods and services in accordance with federal regulations, and its own policies and procedures
• Improve internal controls to ensure it complies with federal suspension and debarment requirements
• Ensure it complies with all federal regulations regarding contracting procedures, and follows its own policies and procedures for advertising and awarding contracts
• Improve internal controls to ensure all applicable state and federal requirements are met prior to advertisement of the contract
• Thoroughly review its construction contracts to ensure all federal suspension and debarment requirements have been met prior to execution
Department’s Response
The Washington State Department of Transportation (WSDOT) appreciates the State Auditor’s Office audit of the Coronavirus State and Local Fiscal Recovery Fund (SLFRF) program. WSDOT is committed to ensuring our programs comply with federal regulations.
These funds were received from the Office of Financial Management (OFM), who received the funding from the U.S. Department of the Treasury (U.S. Treasury). At the time the funds were received WSDOT attempted to obtain guidance from the Federal Highway Administration (FHWA) and the U.S. Treasury; however, neither party was able to clarify how these funds were to be administered. Considering this, WSDOT developed procedures for awarding contracts using these funds, including contract provisions requiring adherence to WSDOT Standard Specifications for Road, Bridge, and Municipal Construction. WSDOT believed these Standard Specifications addressed requirements for procurement, suspension, and debarment, in contracts using federal U.S. Treasury funds, however SAO staff indicated these projects should be treated as if they were administered by USDOT and follow FHWA contracting requirements.
These funds were for a limited program, and should the Department make any awards moving forward we will utilize the procedures in place for FHWA. In addition, WSDOT will continue communications with OFM to ensure that contracts with SLFRF funds awarded are in compliance with federal regulations and communicate any changes to the appropriate WSDOT staff, as needed.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.180, What requirements must I pass down to persons at lower tiers with whom I intend to do business?, establishes requirements that must be passed to persons at lower tiers prior to contracting with them.
Title 23 CFR Part 633, Required Contract Provisions. Section 102, Applicability, establishes the required contract provisions and proposal notices applicable to all Federal-aid construction contracts other than Appalachian construction contracts.
Title 23 CFR Part 635, Construction and Maintenance, Section 112, Advertising for bids and proposals, outlines the requirements for advertising bids and proposals for construction contracts on Federal-aid projects.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Washington State Department of Transportation’s Advertisement and Award Manual (M 27-02.06), March 2022 edition, states in part:
Chapter 2, Rules
Appendix 1 Approval of Projects to Advertise
All projects must have formal approval action in order to be advertised. The form of this approval action will depend on the risks the Department will be assuming with the advertisement of the project. It is the goal of the Department to minimize risks associated with the project bid packages prior to advertisement. The advertisement risk levels detailed below quantify risk associated with all of the project development disciplines, including right of way certification. This assessment needs to be a collaborative effort between the Region and Headquarters.
Level 2 Approval
This approval level is for projects that are generally complete, but still have some non-critical issues to be resolved prior to proceeding to bid opening.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening. Approval to advertise will require concurrence by Headquarters Construction. This concurrence will be based on the risk associated with outstanding issues and the likelihood of resolving them prior to the scheduled bid opening.
Level 3 Approval
This approval level is for projects that are lacking one or more critical elements to be a complete biddable project, but there is a clear and overwhelming need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Headquarters Contract Ad and Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve all deficiencies prior to the bid opening, and documenting the prior agreement between the Region and the Headquarters Construction Office to proceed into the advertisement phase of the project. Headquarters approval to proceed to advertisement will be based on the balance of risk associated with outstanding issues, the likelihood of resolving them prior to the scheduled bid opening, and the benefits of beginning the advertisement period prior to the issues being resolved.
The Washington State Department of Transportation’s Design-Build Manual (M 3126-.08), February 2022 edition, states in part:
Chapter 5 General Procurement Activities
5-4 Approval of Design-Build Projects to Advertise
All DB projects must have formal approval action for the RFQ and RFP to be published. The form of this approval action will depend on the risks WSDOT will be assuming with the publishing of the RFQ and RFP. It is the goal of WSDOT to minimize risks associated with the RFQ and RFP prior to publishing.
The risk levels detailed below quantify risk associated with all the project development disciplines, including right of way certification. The risk levels described below are associated with an assessment of the RFP status. The assessment is intended to determine that all components of the RFP are on track to be completed and incorporated into the RFP prior to Issue RFP Date.
5-4.2 Level 2 Approval
This approval level is for projects that are generally on track to be complete by the Target Date, but still have some activities/issues to be resolved prior to the Ad Date.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 2 Approval, and identifying all outstanding issues along with a plan to resolve said issues prior to the Ad date. Approval to publish the RFQ will require concurrence by HQ Construction.
5-4.3 Level 3 Approval
This approval level is for projects that are not on track for completion prior to the Ad Date, missing critical elements required for a complete biddable project, but there is a clear and compelling need to begin the advertisement process.
Approval action for these projects shall consist of a letter from the Region to the Contract Ad & Award Office, certifying the project meets the criteria for a Level 3 Approval, identifying all outstanding issues along with a plan to resolve said issues two weeks prior to the proposal due date. HQ’s approval to proceed to RFQ publishing will be based on clearly defined risk associated with outstanding issues, and a plan for resolving said issue two weeks prior to the scheduled proposal due date. Any conditions incorporated into the RFP and extensions proposal due date will require concurrence by HQ Construction.
2024-022 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the Coronavirus State and Local Fiscal Recovery Funds.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-031
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients for the SLFRF. The prior finding numbers were 2023-031 and 2022-021.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to perform risk assessments for subrecipients of the SLFRF.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit period, the Department awarded more than $68 million in SLFRF funds to 25 subrecipients for the five SLFRF funded programs we examined. We randomly selected and examined eight subrecipients in addition to one individually significant subrecipient and determined the Department did not perform a risk assessment to determine the appropriate level of monitoring for two of its subrecipients (22 percent).
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
Program management was not aware of the requirement to perform and document risk assessments of each of its subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity.
Without performing risk assessments of subrecipients that received SLFRF funding, which the federal government has classified as a program of higher risk, the Department cannot determine the appropriate amount of monitoring required for each subrecipient. Not performing new risk assessments also makes the Department less likely to detect subrecipients’ noncompliance with federal regulations and the terms and conditions of subawards.
Recommendation
We recommend the Department:
• Establish and document internal controls sufficient to prevent and detect noncompliance with subrecipient monitoring requirements.
• Ensure it performs and documents the required risk assessments sufficiently for management to evaluate the results, determine the appropriate level of monitoring, and demonstrate compliance with federal requirements.
Department’s Response
The Department maintained effective internal controls over the SLFRF-funded programs audited, despite late audit planning and an expanded scope introduced by the Washington State Auditor’s Office (SAO). The Department operated within applicable federal regulations in place at the time of the awards and ensured that controls were functioning as required.
Each program receiving SLFRF funding was subject to its own internal control structure, aligned with specific program requirements and proviso guidance. The programs audited this year were distinct from those audited in the prior year, and as such, any deficiencies previously reported are unrelated to the programs referenced in the current finding. The Department confirms that appropriate subrecipient monitoring controls were in place and operating effectively for all programs included in this year’s audit.
Challenges arose due to SAO initiating audit planning late in the cycle, beginning in October 2023. At the outset, only two programs were identified for audit, and internal control documentation for these programs was prepared accordingly. However, within a week, SAO expanded the audit scope to include three additional programs, two of which followed different internal control frameworks. Commerce responded promptly, providing documentation for three of the five programs. Due to time constraints caused by the late scoping and planning of the audit, Commerce leadership prioritized core audit deliverables and elected not to pursue additional internal control confirmations at that time.
It is important to note that a 2024 update to the Code of Federal Regulations requires documented internal controls for awards beginning on or after October 1, 2024. The programs audited, however, were awarded in 2023 and were therefore not subject to this requirement. Despite this, SAO reported the absence of certain documented key controls as a deficiency.
The Department maintains that all audited programs had established and effective internal controls and that documentation was completed for a majority of programs prior to SAO’s request. While the SAO will not meet the Federal Audit Clearinghouse deadline due to delays in initiating and planning this audit, the Department worked within a compressed timeline to accommodate the widened audit scope. Looking ahead, the Department recommends that future audits be initiated earlier to provide sufficient time for staff to meet all audit requirements and fully support the audit’s objectives.
Auditor’s Remarks
Our Office began scoping the audit of the SLFRF program in October 2024 after receiving the Schedule of Expenditures of Federal Awards from the Office of Financial Management (OFM). Once we performed our analysis of program expenditures at the Department, we submitted requests for audit contacts from two of the divisions administering SLFRF funds on October 3, 2024. We finalized preliminary scoping for the audit on October 16th and followed up with the Department by requesting audit contacts for three additional projects funded by SLFRF. The Department ultimately provided enough information for us to scope and finalize the audit plan in January 2025. In our judgment, we provided the Department with ample time to provide documentation about its internal controls over the direct and material compliance requirements for the SLFRF that were in place during the audit period. We discussed the timing of the audit with Department management, and they decided to forego our Office testing the internal controls over all of the compliance requirements.
We agree with the Department that Uniform Guidance (2 CFR) did not require non-Federal entities that receive federal funds to explicitly have documentation of their internal controls. However, the version of 2 CFR 200.303 Internal controls (effective November 12, 2020) in place during the audit period required non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.
The State Administrative and Accounting Manual (SAAM), published by OFM, establishes the minimum requirements that state agencies must meet. Chapter 20 of the SAAM discusses policies related to internal controls. Section 20.15.60.d states:
Documentation is a necessary part of a system of internal control. Management must determine the level and nature of documentation that is needed to assess the effectiveness of internal control. Documentation should be sufficient to allow the agency to:
• Assess the overall soundness of the system of internal control.
• Be aware of the existence of internal control weaknesses, if any.
• Formulate the agency’s plan of action for addressing internal control weaknesses and improving the internal control where necessary.
While we appreciate the Department’s Internal Control Office assisting its programs with documenting its internal controls and believe it will help strengthen the Department in future years, it was evident this documentation did not exist at its program levels during the audit period.
Regarding the timing of our single audit opinion for the state, our engagement letter with OFM stipulates that the single audit report will be issued no later than April 30, 2025 and this letter was signed by both parties in June 2024. Our audit work was completed in accordance with the timelines outlined in this engagement letter.
We reaffirm our audit finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
2024-023 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Coronavirus State and Local Fiscal Recovery Funds received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds
Federal Grantor Name: U.S. Department of the Treasury
Federal Award/Contract Number: SLFRP0002
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the America Rescue Plan Act of 2021, delivered $350 billion to state, local and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state’s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2024, state agencies spent about $564 million in SLFRF funds, more than $102 million of which was spent by the Department of Commerce.
The Department primarily used SLFRF funds to administer and support affordable housing construction and infrastructure projects including broadband infrastructure, through its housing and local government divisions. SLFRF funds were also used for transportation, tourism and other pandemic-recovery projects. During fiscal year 2024, the Department expended about $100 million on reimbursements to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for carrying out housing and infrastructure projects under contracts with the Department.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The Internal Control Office obtains a list of subrecipients paid with federal funds in its Contract Management System (CMS) and also obtains program expenditures from the state’s accounting system (AFRS) to determine which subrecipients were paid by the Department. The Program staff also provide separate lists of subrecipients to the Internal Control Office for comparison.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SLFRF received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit, we were unable to perform procedures to ascertain whether the Department established and followed internal controls to ensure compliance with program requirements. As such, we determined internal controls were inadequate to prevent or detect material noncompliance with federal requirements for subrecipient monitoring.
During the audit, we requested the spreadsheet used to monitor compliance with these requirements for SLFRF subrecipients, but the Department did not provide it. We compared the subrecipients identified by program management to the Federal Audit Clearinghouse to determine which received single audits. We found 59 SLFRF subrecipients received a single audit during the audit period.
Additionally, we found nine subrecipients received a SLFRF finding requiring a management decision letter to be issued by the Department during the audit period. These subrecipients were not monitored by the Department during the audit period and no management decisions were issued.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This condition was not reported as a finding in the prior audit.
Cause of Condition
The Department did not identify its internal controls that are designed to ensure compliance with subrecipient monitoring requirements. Therefore, we were unable to assess the adequacy of internal controls over subrecipient monitoring to determine the Department’s compliance with these compliance requirements.
The Department did not effectively monitor SLFRF subrecipients during the audit period to ensure single audits were performed, when required, due to not reviewing audit reports submitted in the Federal Audit Clearinghouse. The Department relied on the accuracy of program reports to determine which of its subrecipients required follow-up.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure it is adequately monitoring subrecipients for all requirements placed on the pass-through entity for this program, which the federal government has classified as a program of higher risk. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department agrees with part of the finding issued. The Department does have a robust process in place to identify, verify, track and work with program partners to complete the required single audit submission verifications required by the Code of Federal Regulations. The Department acknowledges weaknesses exist in the issuance of management decision letters. While the Department was successful in monitoring subrecipients and issuing management decision letters to all Commerce subrecipients who were issued findings in the prior audit, the workload related to the monitoring and letter issuance exceeded staff capabilities. The amount of subrecipients the Department provides funding to is large and many have different submission dates and their funding thresholds vary widely making tracking of several hundred subrecipients a challenge.
In October 2024 the Internal Controls Office (ICO) hired an experienced staff member who is responsible for the audit submission verification, tracking and management decision letter issuance and our staffing resource issues have been resolved.
Additionally, the ICO is examining the complexity of the process for the Department to identify improvements which will allow for stronger internal controls and result in a higher compliance rate. The Department anticipates these process improvements will resolve all deficiencies and will be reflected in outcome of the next federal single audit report issued in 2026.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-026 The Workforce Training and Education Coordinating Board did not have adequate internal controls over matching requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching
Known Questioned Cost Amount: None
Prior Year Audit Finding: None
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Matching requirements for the grant require the state to match, from nonfederal sources and on a dollar-for-dollar basis, the funds reserved for the administration of the plan. The matching requirement may be applied overall, rather than line-by-line, to state administrative expenditures.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls over matching requirements for the Perkins V program.
The Board obtains information as part of its annual report from OSPI and SBCTC along with a certification showing the amount of state funds that are being used to match the federal administrative expenditures required by the grant. The Board did not have documentation to show the certification was received from OSPI. We also identified a lack of sufficient detail on the individual reimbursement requests and the certification. Without reviewing any of the supporting documentation for the state matching funds from other entities, the Board cannot determine the amount of state funds being used to match is supported and was for allowable purposes.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While the Workforce Board established internal controls, they were insufficiently designed and did not operate effectively to ensure compliance with matching requirements.
Effect of Condition
Without establishing adequate internal controls and obtaining a sufficient level of supporting accounting detail, the Board cannot reasonably ensure it and its partnered state agencies have met matching requirements.
Recommendation
We recommend the Workforce Board:
• Establish and document internal controls sufficient to prevent and detect noncompliance with matching requirements.
• Obtain support sufficient to adequately ensure matching requirements are met.
Board’s Response
We appreciate the State Auditor’s Office audit of the matching requirement for the Perkins V program. The Workforce Training and Education Coordinating Board (Workforce Board) is committed to ensuring that our programs comply with all federal regulations. While the Workforce Board partially concurs with the Auditor's findings, we want to highlight that we have established controls to ensure the state administration match requirement is met.
During the period audited, there was turnover within both the Office of Superintendent of Public Instruction (OSPI) and the Workforce Board, which may have contributed to challenges in fulfilling certain requirements. However, the Workforce Board does have a contract with OSPI that specifies a Certification is required, and we did receive the Certification for the current year. Additionally, we have communicated with our subrecipients that certifications are required.
We have since worked closely with the new fiscal staff at OSPI, and they are now providing additional support for each quarterly billing, as reflected in their accounting records. Furthermore, the Workforce Board has incorporated a monitoring section into the new contracts to enhance oversight and ensure compliance moving forward.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states, in part:
(b)Matching requirement
Each eligible agency receiving funds made available under subsection (a)(3) shall match, from non-Federal sources and on a dollar-for-dollar basis, the funds received under subsection (a)(3).
2024-027 Workforce Training and Education Coordinating Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Level of effort requirements for the grant require the state to maintain its fiscal efforts from state sources each year when compared with such efforts from the preceding year. Similarly, the state shall provide from state sources for administration of Perkins V, an amount that is not less than the state sourced amounts provided for administrative costs in the preceding fiscal year. Lastly, the state and its subrecipients may use funds for career and technical education activities that supplement, and not supplant, non-federal funds expended to carry out career and technical education activities.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Perkins V program.
The Workforce Board reviews state funding efforts for the program during its preparation of their annual report. However, the Workforce Board did not implement sufficient preventative controls to effectively monitor the level of effort requirements on a more continuous basis.
During the audit, we were unable to identify controls that would prevent or detect non-compliance with the requirement that federal funds must be used to supplement, not supplant, non-federal funds specific to the level of effort requirement.
As such, we determined internal controls were inadequate to prevent or detect non-compliance with federal requirements for level of effort.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Workforce Board did not establish sufficient internal controls that were designed to ensure compliance with the level of effort requirements.
Effect of Condition
Without establishing adequate internal controls, the Workforce Board cannot reasonably ensure it and its partnered state agencies have met level of effort requirements.
Recommendation
We recommend the Workforce Board establish and document internal controls sufficient to prevent and detect noncompliance with the level of effort requirements.
Board’s Response
Thank you for providing the Workforce Training and Education Coordinating Board (Workforce Board) with the opportunity to review and respond to the State Auditor’s Office (SAO) audit report on the level of effort. The Workforce Board fully acknowledges the significance and priority of maintaining strong internal controls over the analysis and certification of level of effort, ensuring that this process is completed in a timely manner and allowing sufficient time for any necessary corrective actions.
In collaboration with the State Board for Community and Technical Colleges (SBCTC) and the Office of Superintendent of Public Instruction (OSPI), the Workforce Board is committed to identifying and analyzing options for incorporating semi-annual reviews of the level of effort / maintenance of effort (MOE) funds. These efforts will help enhance transparency and improve the accuracy of reporting.
The SBCTC already provides level of effort documentation on a semi-annual basis. The Workforce Board will use this document as a template to establish agency guidelines related to MOE. The agency will require the collection of MOE data and certification from its subaward recipients on a semi-annual basis. This approach will help ensure consistent compliance with all applicable requirements and reinforce our commitment to continuous improvement in managing and overseeing MOE funds.
We appreciate the recommendations from the SAO and look forward to working collaboratively with SBCTC and OSPI to enhance our internal processes and controls.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states:
(a) Supplement not supplant
Funds made available under this chapter for career and technical education activities shall supplement, and shall not supplant, non-Federal funds expended to carry out career and technical education activities.
(b) Maintenance of effort
(1) Determination
(A) In general
Except as provided in subparagraph (B), (C), or (D), in order for a State to receive its full allotment of funds under this chapter for any fiscal year, the Secretary must find that the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year was not less than the fiscal effort per student, or the aggregate expenditures of such State, for the second preceding fiscal year.
(B) Computation
In computing the fiscal effort or aggregate expenditures pursuant to subparagraph (A), the Secretary shall, at the request of the State, exclude competitive or incentive-based programs established by the State, capital expenditures, special one-time project costs, and the cost of pilot programs.
(C) Decrease in Federal support
If the amount made available for career and technical education programs under this chapter for a fiscal year is less than the amount made available for career and technical education programs under this chapter for the preceding fiscal year, then the fiscal effort per student or the aggregate expenditures of a State required by subparagraph (A) for the preceding fiscal year shall be decreased by the same percentage as the percentage decrease in the amount so made available.
(D) Establishing the state baseline
For purposes of applying subparagraph (A) for years which require the calculation of the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for the first full fiscal year following July 31, 2018, the State may determine the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for such first full fiscal year by-
(i) continuing to use the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, as was in effect on the day before July 31, 2018; or
(ii) establishing a new level of fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, which is not less than 95 percent of the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year.
(2) Failure to meet
(A) In general
The Secretary shall reduce the amount of a State's allotment of funds under this chapter for any fiscal year in the exact proportion by which the State fails to meet the requirement of paragraph (1) by falling below the State's fiscal effort per student or the State's aggregate expenditures (using the measure most favorable to the State), if the State failed to meet such requirement (as determined using the measure most favorable to the State) for 1 or more of the 5 immediately preceding fiscal years.
(B) Special rule
No such lesser amount shall be used for computing the effort required under paragraph (1) for subsequent years.
(3) Waiver
The Secretary may waive paragraph (2) due to exceptional or uncontrollable circumstances affecting the ability of the State to meet the requirement of paragraph (1) such as a natural disaster or an unforeseen and precipitous decline in financial resources. No level of funding permitted under such a waiver may be used as the basis for computing the fiscal effort or aggregate expenditures required under this section for years subsequent to the year covered by such waiver. The fiscal effort or aggregate expenditures for the subsequent years shall be computed on the basis of the level of funding that would, but for such waiver, have been required.
2024-026 The Workforce Training and Education Coordinating Board did not have adequate internal controls over matching requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching
Known Questioned Cost Amount: None
Prior Year Audit Finding: None
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Matching requirements for the grant require the state to match, from nonfederal sources and on a dollar-for-dollar basis, the funds reserved for the administration of the plan. The matching requirement may be applied overall, rather than line-by-line, to state administrative expenditures.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls over matching requirements for the Perkins V program.
The Board obtains information as part of its annual report from OSPI and SBCTC along with a certification showing the amount of state funds that are being used to match the federal administrative expenditures required by the grant. The Board did not have documentation to show the certification was received from OSPI. We also identified a lack of sufficient detail on the individual reimbursement requests and the certification. Without reviewing any of the supporting documentation for the state matching funds from other entities, the Board cannot determine the amount of state funds being used to match is supported and was for allowable purposes.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While the Workforce Board established internal controls, they were insufficiently designed and did not operate effectively to ensure compliance with matching requirements.
Effect of Condition
Without establishing adequate internal controls and obtaining a sufficient level of supporting accounting detail, the Board cannot reasonably ensure it and its partnered state agencies have met matching requirements.
Recommendation
We recommend the Workforce Board:
• Establish and document internal controls sufficient to prevent and detect noncompliance with matching requirements.
• Obtain support sufficient to adequately ensure matching requirements are met.
Board’s Response
We appreciate the State Auditor’s Office audit of the matching requirement for the Perkins V program. The Workforce Training and Education Coordinating Board (Workforce Board) is committed to ensuring that our programs comply with all federal regulations. While the Workforce Board partially concurs with the Auditor's findings, we want to highlight that we have established controls to ensure the state administration match requirement is met.
During the period audited, there was turnover within both the Office of Superintendent of Public Instruction (OSPI) and the Workforce Board, which may have contributed to challenges in fulfilling certain requirements. However, the Workforce Board does have a contract with OSPI that specifies a Certification is required, and we did receive the Certification for the current year. Additionally, we have communicated with our subrecipients that certifications are required.
We have since worked closely with the new fiscal staff at OSPI, and they are now providing additional support for each quarterly billing, as reflected in their accounting records. Furthermore, the Workforce Board has incorporated a monitoring section into the new contracts to enhance oversight and ensure compliance moving forward.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states, in part:
(b)Matching requirement
Each eligible agency receiving funds made available under subsection (a)(3) shall match, from non-Federal sources and on a dollar-for-dollar basis, the funds received under subsection (a)(3).
2024-027 Workforce Training and Education Coordinating Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Level of effort requirements for the grant require the state to maintain its fiscal efforts from state sources each year when compared with such efforts from the preceding year. Similarly, the state shall provide from state sources for administration of Perkins V, an amount that is not less than the state sourced amounts provided for administrative costs in the preceding fiscal year. Lastly, the state and its subrecipients may use funds for career and technical education activities that supplement, and not supplant, non-federal funds expended to carry out career and technical education activities.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Perkins V program.
The Workforce Board reviews state funding efforts for the program during its preparation of their annual report. However, the Workforce Board did not implement sufficient preventative controls to effectively monitor the level of effort requirements on a more continuous basis.
During the audit, we were unable to identify controls that would prevent or detect non-compliance with the requirement that federal funds must be used to supplement, not supplant, non-federal funds specific to the level of effort requirement.
As such, we determined internal controls were inadequate to prevent or detect non-compliance with federal requirements for level of effort.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Workforce Board did not establish sufficient internal controls that were designed to ensure compliance with the level of effort requirements.
Effect of Condition
Without establishing adequate internal controls, the Workforce Board cannot reasonably ensure it and its partnered state agencies have met level of effort requirements.
Recommendation
We recommend the Workforce Board establish and document internal controls sufficient to prevent and detect noncompliance with the level of effort requirements.
Board’s Response
Thank you for providing the Workforce Training and Education Coordinating Board (Workforce Board) with the opportunity to review and respond to the State Auditor’s Office (SAO) audit report on the level of effort. The Workforce Board fully acknowledges the significance and priority of maintaining strong internal controls over the analysis and certification of level of effort, ensuring that this process is completed in a timely manner and allowing sufficient time for any necessary corrective actions.
In collaboration with the State Board for Community and Technical Colleges (SBCTC) and the Office of Superintendent of Public Instruction (OSPI), the Workforce Board is committed to identifying and analyzing options for incorporating semi-annual reviews of the level of effort / maintenance of effort (MOE) funds. These efforts will help enhance transparency and improve the accuracy of reporting.
The SBCTC already provides level of effort documentation on a semi-annual basis. The Workforce Board will use this document as a template to establish agency guidelines related to MOE. The agency will require the collection of MOE data and certification from its subaward recipients on a semi-annual basis. This approach will help ensure consistent compliance with all applicable requirements and reinforce our commitment to continuous improvement in managing and overseeing MOE funds.
We appreciate the recommendations from the SAO and look forward to working collaboratively with SBCTC and OSPI to enhance our internal processes and controls.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states:
(a) Supplement not supplant
Funds made available under this chapter for career and technical education activities shall supplement, and shall not supplant, non-Federal funds expended to carry out career and technical education activities.
(b) Maintenance of effort
(1) Determination
(A) In general
Except as provided in subparagraph (B), (C), or (D), in order for a State to receive its full allotment of funds under this chapter for any fiscal year, the Secretary must find that the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year was not less than the fiscal effort per student, or the aggregate expenditures of such State, for the second preceding fiscal year.
(B) Computation
In computing the fiscal effort or aggregate expenditures pursuant to subparagraph (A), the Secretary shall, at the request of the State, exclude competitive or incentive-based programs established by the State, capital expenditures, special one-time project costs, and the cost of pilot programs.
(C) Decrease in Federal support
If the amount made available for career and technical education programs under this chapter for a fiscal year is less than the amount made available for career and technical education programs under this chapter for the preceding fiscal year, then the fiscal effort per student or the aggregate expenditures of a State required by subparagraph (A) for the preceding fiscal year shall be decreased by the same percentage as the percentage decrease in the amount so made available.
(D) Establishing the state baseline
For purposes of applying subparagraph (A) for years which require the calculation of the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for the first full fiscal year following July 31, 2018, the State may determine the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for such first full fiscal year by-
(i) continuing to use the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, as was in effect on the day before July 31, 2018; or
(ii) establishing a new level of fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, which is not less than 95 percent of the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year.
(2) Failure to meet
(A) In general
The Secretary shall reduce the amount of a State's allotment of funds under this chapter for any fiscal year in the exact proportion by which the State fails to meet the requirement of paragraph (1) by falling below the State's fiscal effort per student or the State's aggregate expenditures (using the measure most favorable to the State), if the State failed to meet such requirement (as determined using the measure most favorable to the State) for 1 or more of the 5 immediately preceding fiscal years.
(B) Special rule
No such lesser amount shall be used for computing the effort required under paragraph (1) for subsequent years.
(3) Waiver
The Secretary may waive paragraph (2) due to exceptional or uncontrollable circumstances affecting the ability of the State to meet the requirement of paragraph (1) such as a natural disaster or an unforeseen and precipitous decline in financial resources. No level of funding permitted under such a waiver may be used as the basis for computing the fiscal effort or aggregate expenditures required under this section for years subsequent to the year covered by such waiver. The fiscal effort or aggregate expenditures for the subsequent years shall be computed on the basis of the level of funding that would, but for such waiver, have been required.
2024-026 The Workforce Training and Education Coordinating Board did not have adequate internal controls over matching requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching
Known Questioned Cost Amount: None
Prior Year Audit Finding: None
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Matching requirements for the grant require the state to match, from nonfederal sources and on a dollar-for-dollar basis, the funds reserved for the administration of the plan. The matching requirement may be applied overall, rather than line-by-line, to state administrative expenditures.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls over matching requirements for the Perkins V program.
The Board obtains information as part of its annual report from OSPI and SBCTC along with a certification showing the amount of state funds that are being used to match the federal administrative expenditures required by the grant. The Board did not have documentation to show the certification was received from OSPI. We also identified a lack of sufficient detail on the individual reimbursement requests and the certification. Without reviewing any of the supporting documentation for the state matching funds from other entities, the Board cannot determine the amount of state funds being used to match is supported and was for allowable purposes.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
While the Workforce Board established internal controls, they were insufficiently designed and did not operate effectively to ensure compliance with matching requirements.
Effect of Condition
Without establishing adequate internal controls and obtaining a sufficient level of supporting accounting detail, the Board cannot reasonably ensure it and its partnered state agencies have met matching requirements.
Recommendation
We recommend the Workforce Board:
• Establish and document internal controls sufficient to prevent and detect noncompliance with matching requirements.
• Obtain support sufficient to adequately ensure matching requirements are met.
Board’s Response
We appreciate the State Auditor’s Office audit of the matching requirement for the Perkins V program. The Workforce Training and Education Coordinating Board (Workforce Board) is committed to ensuring that our programs comply with all federal regulations. While the Workforce Board partially concurs with the Auditor's findings, we want to highlight that we have established controls to ensure the state administration match requirement is met.
During the period audited, there was turnover within both the Office of Superintendent of Public Instruction (OSPI) and the Workforce Board, which may have contributed to challenges in fulfilling certain requirements. However, the Workforce Board does have a contract with OSPI that specifies a Certification is required, and we did receive the Certification for the current year. Additionally, we have communicated with our subrecipients that certifications are required.
We have since worked closely with the new fiscal staff at OSPI, and they are now providing additional support for each quarterly billing, as reflected in their accounting records. Furthermore, the Workforce Board has incorporated a monitoring section into the new contracts to enhance oversight and ensure compliance moving forward.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states, in part:
(b)Matching requirement
Each eligible agency receiving funds made available under subsection (a)(3) shall match, from non-Federal sources and on a dollar-for-dollar basis, the funds received under subsection (a)(3).
2024-027 Workforce Training and Education Coordinating Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Career and Technical Education – Basic Grants to States program.
Assistance Listing Number and Title: 84.048 Career and Technical Education – Basic Grants to States (Perkins V)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: V048A210047; V048A220047; V048A230047
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Level of Effort
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Career and Technical Education - Basic Grants to States (Perkins V) program is administered by the Workforce Training and Education Coordinating Board (Workforce Board). Perkins V provides grants to states and outlying areas to develop the academic knowledge and technical and employability skills of secondary students and postsecondary students. This is accomplished by building on the efforts of states and localities to develop challenging academic and technical standards and to assist students in meeting such standards promoting the development of services and activities that integrate rigorous and challenging academic and career and technical instruction, and that link secondary education and postsecondary education. This is also done through increasing state and local flexibility in providing services and activities designed to develop, implement and improve career and technical education, conducting and disseminating national research and disseminating information on best practices that improve career and technical education programs and programs of study, services, and activities.
The Office of the Superintendent of Public Instruction (OSPI) and the Washington State Board for Community and Technical Colleges (SBCTC) receive funds through interagency agreements with the Workforce Board. The federal funding provides technical assistance, supporting partnerships among secondary schools, postsecondary institutions, area career and technical education schools, local workforce investment boards, business and industry, and intermediaries. It helps provide individuals with opportunities to develop, in conjunction with other educational and training programs, the knowledge and skills needed to keep the United States competitive; and increase the employment opportunities for populations who are chronically unemployed or underemployed (including individuals with disabilities, individuals from economically disadvantaged families, out-of-workforce individuals, youth who are in, or have aged out of, the foster care system, and homeless individuals).
Level of effort requirements for the grant require the state to maintain its fiscal efforts from state sources each year when compared with such efforts from the preceding year. Similarly, the state shall provide from state sources for administration of Perkins V, an amount that is not less than the state sourced amounts provided for administrative costs in the preceding fiscal year. Lastly, the state and its subrecipients may use funds for career and technical education activities that supplement, and not supplant, non-federal funds expended to carry out career and technical education activities.
During fiscal year 2024, the Workforce Board, OSPI, and SBCTC spent about $27 million in federal grant funds.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Workforce Board did not have adequate internal controls to ensure compliance with level of effort requirements for the Perkins V program.
The Workforce Board reviews state funding efforts for the program during its preparation of their annual report. However, the Workforce Board did not implement sufficient preventative controls to effectively monitor the level of effort requirements on a more continuous basis.
During the audit, we were unable to identify controls that would prevent or detect non-compliance with the requirement that federal funds must be used to supplement, not supplant, non-federal funds specific to the level of effort requirement.
As such, we determined internal controls were inadequate to prevent or detect non-compliance with federal requirements for level of effort.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Workforce Board did not establish sufficient internal controls that were designed to ensure compliance with the level of effort requirements.
Effect of Condition
Without establishing adequate internal controls, the Workforce Board cannot reasonably ensure it and its partnered state agencies have met level of effort requirements.
Recommendation
We recommend the Workforce Board establish and document internal controls sufficient to prevent and detect noncompliance with the level of effort requirements.
Board’s Response
Thank you for providing the Workforce Training and Education Coordinating Board (Workforce Board) with the opportunity to review and respond to the State Auditor’s Office (SAO) audit report on the level of effort. The Workforce Board fully acknowledges the significance and priority of maintaining strong internal controls over the analysis and certification of level of effort, ensuring that this process is completed in a timely manner and allowing sufficient time for any necessary corrective actions.
In collaboration with the State Board for Community and Technical Colleges (SBCTC) and the Office of Superintendent of Public Instruction (OSPI), the Workforce Board is committed to identifying and analyzing options for incorporating semi-annual reviews of the level of effort / maintenance of effort (MOE) funds. These efforts will help enhance transparency and improve the accuracy of reporting.
The SBCTC already provides level of effort documentation on a semi-annual basis. The Workforce Board will use this document as a template to establish agency guidelines related to MOE. The agency will require the collection of MOE data and certification from its subaward recipients on a semi-annual basis. This approach will help ensure consistent compliance with all applicable requirements and reinforce our commitment to continuous improvement in managing and overseeing MOE funds.
We appreciate the recommendations from the SAO and look forward to working collaboratively with SBCTC and OSPI to enhance our internal processes and controls.
Auditor’s Remarks
We thank the Board for its cooperation and assistance throughout the audit. We will review the status of the Board's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 20 United Stated Code, section 2391, Fiscal requirements, states:
(a) Supplement not supplant
Funds made available under this chapter for career and technical education activities shall supplement, and shall not supplant, non-Federal funds expended to carry out career and technical education activities.
(b) Maintenance of effort
(1) Determination
(A) In general
Except as provided in subparagraph (B), (C), or (D), in order for a State to receive its full allotment of funds under this chapter for any fiscal year, the Secretary must find that the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year was not less than the fiscal effort per student, or the aggregate expenditures of such State, for the second preceding fiscal year.
(B) Computation
In computing the fiscal effort or aggregate expenditures pursuant to subparagraph (A), the Secretary shall, at the request of the State, exclude competitive or incentive-based programs established by the State, capital expenditures, special one-time project costs, and the cost of pilot programs.
(C) Decrease in Federal support
If the amount made available for career and technical education programs under this chapter for a fiscal year is less than the amount made available for career and technical education programs under this chapter for the preceding fiscal year, then the fiscal effort per student or the aggregate expenditures of a State required by subparagraph (A) for the preceding fiscal year shall be decreased by the same percentage as the percentage decrease in the amount so made available.
(D) Establishing the state baseline
For purposes of applying subparagraph (A) for years which require the calculation of the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for the first full fiscal year following July 31, 2018, the State may determine the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education for such first full fiscal year by-
(i) continuing to use the State's fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, as was in effect on the day before July 31, 2018; or
(ii) establishing a new level of fiscal effort per student, or aggregate expenditures of such State, with respect to career and technical education, which is not less than 95 percent of the State's fiscal effort per student, or the aggregate expenditures of such State, with respect to career and technical education for the preceding fiscal year.
(2) Failure to meet
(A) In general
The Secretary shall reduce the amount of a State's allotment of funds under this chapter for any fiscal year in the exact proportion by which the State fails to meet the requirement of paragraph (1) by falling below the State's fiscal effort per student or the State's aggregate expenditures (using the measure most favorable to the State), if the State failed to meet such requirement (as determined using the measure most favorable to the State) for 1 or more of the 5 immediately preceding fiscal years.
(B) Special rule
No such lesser amount shall be used for computing the effort required under paragraph (1) for subsequent years.
(3) Waiver
The Secretary may waive paragraph (2) due to exceptional or uncontrollable circumstances affecting the ability of the State to meet the requirement of paragraph (1) such as a natural disaster or an unforeseen and precipitous decline in financial resources. No level of funding permitted under such a waiver may be used as the basis for computing the fiscal effort or aggregate expenditures required under this section for years subsequent to the year covered by such waiver. The fiscal effort or aggregate expenditures for the subsequent years shall be computed on the basis of the level of funding that would, but for such waiver, have been required.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-028 The Office of Superintendent of Public Instruction did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the Education Stabilization Fund program.
Assistance Listing Number and Title: 84.425R COVID-19 Coronavirus Response and Relief Supplemental Appropriations Act, Emergency Assistance to Non-Public Schools (CRRSA EANS)
84.425V COVID-19 American Rescue Plan – Emergency Assistance to Non-Public Schools (ARP EANS) program
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: S425D210015; S425R210012; S425U210015; S425V210012; S425W210049
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Components: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $47,322,280
Prior Year Audit Finding: No
Background
Beginning in March 2020, Congress set aside the Elementary and Secondary School Emergency Relief (ESSER) Fund to address the effect the COVID-19 pandemic has had, and continues to have, on elementary and secondary schools across the nation. Several rounds of funding were distributed to states under the Education Stabilization Fund (ESF) program with the intent to support public and nonpublic schools. The U.S. Department of Education awarded ESF grants to the Office of Financial Management, which then dispersed funds to the Office of Superintendent of Public Instruction, to pass through to Local Education Agencies (LEAs). The U.S. Department of Education awarded ESF program funds to grantees under multiple subprograms of the ESF. An alphabetic character at the end of the 84.425 Assistance Listing Number was used to delineate the specific subprogram. Each subprogram has its own funding requirements and compliance requirements.
The objective of the CRRSA EANS (84.425R) and ARP EANS (84.425V) subprograms is to provide governors with a reservation of funds to provide services or assistance to eligible nonpublic schools to address the impact the COVID-19 pandemic has had, and continues to have, on nonpublic school students and teachers in the state.
In fiscal year 2024, the state spent more than $600 million in ESFs federal funding.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Office did not have adequate internal controls over and did not comply with federal activities allowed and subrecipient monitoring requirements for the ESF program.
After the Office distributed EANS funds to nonpublic schools, there was $47,322,281 in ESF program funds remaining that went unobligated. Those funds reverted to the Governor’s office as CRRSA-GEER funds. After the reversion of these funds, the legislature specifically directed the Office to use the resources to fund Transition to Kindergarten programs.
During this process, the Office distributed funds to 149 public LEAs but did not issue subawards as required. As a result, it failed to clearly communicate these awards’ terms and conditions to the subrecipients, including the allowable uses of the funds.
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Office believed the information that was sent out through other means would cover the required elements it needed to communicate to the LEAs. The Office did not know the amount each LEA would receive as amounts were not predetermined, and the Office used an apportionment process to allocate funds to meet the legislative intent.
Effect of Condition and Questioned Costs
Without issuing subawards to subrecipients to ensure proper accountability and compliance with federal requirements, the Office cannot ensure all funds were used for allowable activities and properly supported. In addition, without a subaward, the Office could not distribute funds to these subrecipients. Therefore, we are questioning the $47,322,280 that it distributed to these LEAs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office:
• Establish effective internal controls to ensure that all federal funds it grants to subrecipients are awarded through a subaward that meets federal requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Office’s Response
We distributed these funds through the apportionment process instead of our grants system due to the nature of how the payments were calculated. Our grants system provides a grant award notification via e-mail when the grant is awarded that contains the federal elements required in CFR 200.332. While we did not provide a formal subaward that included all of these elements in one document, we provided most of them using other formal communication, such as through a Gov Delivery e-mail and the School District Accounting Manual. If we use the apportionment process to distribute funds in the future, we will include all of the required federal elements in a separate subaward. Additionally, our communication to school districts included the use of allowable activities for these funds. Therefore, we do not agree that the funds should be questioned as not being allowable or properly supported.
Auditor’s Remarks
The Office asserts the costs should not be questioned for not being allowable or properly supported. However, without a subaward the Office could not distribute federal funds to these subrecipients, therefore we are questioning the costs consistent with criteria established in 2 CFR 200 (Uniform Guidance).
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 34 U.S. Code of Federal Regulations (CFR) Part 75, Direct grant programs, section 702, Fiscal control and fund accounting procedures, states that a grantee shall use fiscal control and fund accounting procedures that ensure proper disbursement of, and accounting for, Federal funds as required in 2 CFR part 200, subpart D—Post Federal Award Requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 332, Requirements for pass-through entities, requires that every subaward is clearly identified to the subrecipient as a subaward and includes the federal identification elements.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 2 CFR Part 200.403, Uniform Guidance, establishes the factors affecting the allowability of costs.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-032 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06; 6 NH23IP922619-04-01; 5 NH23IP922619-05-00; 6 NH23IP922619-05-01; 6 NH23IP922619-05-02; 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $464,473
Prior Year Audit Finding: Yes, Finding 2023-044
Background
The Department of Health administers the Immunization Cooperative Agreements program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding numbers were 2022-031 and 2023-044.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether program staff had reviewed and approved these expenditures.
We used a statistical sampling method to randomly select and examine 64 out of 483 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $550,065 each. In total, we examined more than $7.8 million in provider payments as part of the audit. Of the 64 payments examined, we identified seven payments (11%) and three individually significant payments that did not have the required supporting documentation for the subrecipients’ assigned risk level. In addition to not having adequate supporting documentation, of the seven payments randomly selected:
• Two (3%) subrecipient payments utilized a higher indirect rate than the approved rate and the error was not identified at the time of approval
• One (2%) incorrectly charged $25,954 in expenditures for another federal program
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures and fiscal management did not ensure staff properly charged the program.
The Department also did not ensure it maintained access to the documents reviewed during the audit period.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The 10 payments for which the Department did not have adequate supporting documentation from subrecipients totaled $464,473 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $465,976.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by Title 45 CFR Part 75, section 516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Ensure that it retains documentation reviewed and approved for payment for audit review
• Improve internal controls to ensure program staff review, approve and communicate approval expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Ensure fiscal staff charge the correct federal programs
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve payment with the use of an incorrect indirect rate that was applied to a payment. This was identified as an error through the department’s internal controls during the audit period and that overpayment was corrected. The department stands that this should not have been an exception. The department maintains that its internal policies are held to a higher standard than federal requirements, and the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance at the time of review. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs
45 CFR Part 75, section 410, Collection of Unallowable Costs
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example: Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Benefits $1,750.35
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Note: Salaries and benefits must be broken out as separate line items.
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Copies of invoices for transactions over
$2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report.
Copies of invoices for transactions over
$1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting
documentation.
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Outreach Materials- All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Pre-approval required for all outreach materials in excess of
$2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of
$1,000:
AND
• Sample of Outreach materials
Travel A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts (If the DOH subrecipient is
contracting out with an agency to perform work charged to the grant) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over
$5,000 with a detailed GL report.
• A copy of all invoices over
$1,000 with a detailed GL report.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification.
2024-033 The Department of Health did not have adequate internal controls over cash management and reporting requirements for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
Immunization is not subject to the Cash Management Improvement Act and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department has federal revenue bimonthly draw procedures to request reimbursements in line with the Department’s payroll pay dates.
In addition, the Department is required to submit an annual SF-425 financial report for each open grant. This report contains information on revenue as well as direct and indirect expenditures for each open award.
The Department maintains the Grant Management System (GMS) that is used agency-wide to calculate cash draw amounts and pull financial data needed to complete the SF-425. The Department uses this system as one of its tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. Also, indirect expenditures are calculated through the Cost Allocation System (CAS) that the Department maintains. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw and SF-425 report. This report includes calculations for the cash draw amount performed by GMS using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and reporting requirements for the Immunization program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-036.
Due to the issues noted above, we determined that the GMS Grant Draw Report used to complete the SF-425 is not adequately supported. Therefore, we reviewed the data directly from the accounting system and the cost allocation system as support for amounts reported on the SF-425. We examined five of the 10 reports submitted during the fiscal year and did not identify any discrepancies.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws and SF-425 reporting is accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition
By not implementing adequate internal controls, the Department risks reporting inaccurate information on its SF-425 reports, overdrawing federal revenue and having to repay the grantor.
Recommendations
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the accuracy of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and reporting requirements for the Immunization program, we partially agree with SAO’s assessment of a material weakness in internal controls over the cash management and reporting process.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
A state must minimize the time between the Drawdown of Federal Funds from the Federal government and their disbursement for Federal Program Purposes. A federal Program Agency must limit a fund transfer to a State to the minimum amount needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a federal assistance program or project. The timing and amount of funds transfers must be close as is administratively feasible to a State’s actual cash outlay for direct program costs and proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102 (For availability, see 5 CFR 1310.3)
CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part:
Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-034 The Department of Health did not have adequate internal controls to ensure it filed on-time reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-045
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower those with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
When the Department makes a new subaward or amendment, staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 16 subawards and amendments in fiscal year 2024, totaling $1,316,302.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding numbers were 2023-045 and 2022-032.
Description of Condition
The Department did not have adequate internal controls to ensure it filed on-time reports required by the Act for the Immunization program.
During the audit period, the Department’s process for filing FFATA reports started with a Fiscal Analyst maintaining a spreadsheet throughout the month with the subaward information required for reporting. Management reviewed the spreadsheet and asked the Fiscal Analyst to approve the submission of the report. We used a nonstatistical sampling method to randomly select and examine management approvals for five of the 12 spreadsheets that corresponded with each month in the state fiscal year. We found that two of the five months (40%) did not have management approval.
We used a nonstatistical sampling method to randomly select and examine nine out of the 16 total subawards and amendments the Department was required to report during the state fiscal year. We found that the Department reported four of the six subawards and amendments (67%) late.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not retain documentation to support management review and approval of the monthly FFATA worksheets. Additionally, Department management asserted the late submission of the report for the four subawards was because the contract account coding for the Department’s accounting system was not created at the time of the contract execution. The Department’s process requires this coding to identify reportable information such as the grant Federal Award Identification Number. As soon as the coding information is updated, staff can then submit the items to FSRS.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and on-time reports. Further, failing to submit reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the federal award’s terms and conditions allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Ensure it documents management reviews in writing and retains them for audit review
• Review its FFATA reporting procedure to ensure it submits reports on time
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure timely review and submission of the FFATA reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a) Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-035 The Department of Health did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Cooperative Agreements Program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Known Questioned Cost Amount: Special Tests and Provisions – Control, Accountability, and Safeguarding of Vaccines
Special Tests and Provisions – Record of Immunization
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children (VFC) program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Department works with providers that administer vaccines to eligible children. The Department is required to ensure providers comply with the requirements of the VFC program. This includes ensuring vaccines are adequately safeguarded, used solely for authorized purposes and are only administered to VFC program-eligible children.
The U.S. Centers for Disease Control and Prevention requires the Department to conduct site visits of each provider once every 24 months. Additionally, the Department reviews monthly reports for vaccine doses administered outside the age range (DOAR), vaccine storage temperature logs and inventory reconciliation reports before approving vaccine orders to ensure providers are compliant with these VFC requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
On-site Visits
We used a nonstatistical sampling method to randomly select 56 providers that received a site visit out of the total 502 provider visits completed during the state fiscal year. We found that the Department conducted two (3.6%) provider site visits about two months after the 24-month period.
Ongoing Monitoring
The Department uses a tracking spreadsheet to document the review of the DOAR report, temperature logs and inventory reconciliation report along with any necessary follow-up with providers before approving vaccine orders. We used a statistical sampling method and randomly selected 57 providers out of a total of 570 and examined the review of the submitted reports. We found the Department did not review the DOAR report for two providers (3.5%) and did not track subsequent follow-up on corrective measures in the spreadsheet. Further, we found four providers (7%) had issues on its DOAR report, but the Department approved vaccine orders without receiving the provider’s questionnaire to address the deficiency noted in the report. We did not identify any issues for the temperature logs or the inventory reconciliation reports.
We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said excessive staff workload and providers’ requests to delay visits resulted in the Department not completing on-site visits within the required 24 months.
Department management said that inadequate ongoing monitoring of the reports was due to staff oversight.
Effect of Condition
Without conducting on-site visits every 24 months and without adequate review of the DOAR report and the questionnaire response, the Department risks approving vaccine orders for providers that may not be compliant with VFC program requirements.
By not ensuring it completes on-site visits every 24 months and properly performs reviews of reports, the Department could be subject to sanctions by the grantor.
Recommendations
We recommend the Department ensure:
• That it conducts compliance visits every 24 months
• That it adequately reviews the DOAR report and completes follow-up procedures according to internal policies and procedures
Authority’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department has already taken steps to evaluate current processes to ensure providers maintain immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Center for Disease Control and Prevention Vaccines for Children Operations Guide, Page 57 states in part:
Requirement: Awardees must conduct and record VFC compliance site visits, covering areas of provider details, eligibility, documentation, storage and handling (per unit and sitewide), and inventory management with each VFC provider every 24 months.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-032 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06; 6 NH23IP922619-04-01; 5 NH23IP922619-05-00; 6 NH23IP922619-05-01; 6 NH23IP922619-05-02; 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $464,473
Prior Year Audit Finding: Yes, Finding 2023-044
Background
The Department of Health administers the Immunization Cooperative Agreements program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding numbers were 2022-031 and 2023-044.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether program staff had reviewed and approved these expenditures.
We used a statistical sampling method to randomly select and examine 64 out of 483 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $550,065 each. In total, we examined more than $7.8 million in provider payments as part of the audit. Of the 64 payments examined, we identified seven payments (11%) and three individually significant payments that did not have the required supporting documentation for the subrecipients’ assigned risk level. In addition to not having adequate supporting documentation, of the seven payments randomly selected:
• Two (3%) subrecipient payments utilized a higher indirect rate than the approved rate and the error was not identified at the time of approval
• One (2%) incorrectly charged $25,954 in expenditures for another federal program
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures and fiscal management did not ensure staff properly charged the program.
The Department also did not ensure it maintained access to the documents reviewed during the audit period.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The 10 payments for which the Department did not have adequate supporting documentation from subrecipients totaled $464,473 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $465,976.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by Title 45 CFR Part 75, section 516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Ensure that it retains documentation reviewed and approved for payment for audit review
• Improve internal controls to ensure program staff review, approve and communicate approval expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Ensure fiscal staff charge the correct federal programs
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve payment with the use of an incorrect indirect rate that was applied to a payment. This was identified as an error through the department’s internal controls during the audit period and that overpayment was corrected. The department stands that this should not have been an exception. The department maintains that its internal policies are held to a higher standard than federal requirements, and the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance at the time of review. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs
45 CFR Part 75, section 410, Collection of Unallowable Costs
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example: Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Benefits $1,750.35
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Note: Salaries and benefits must be broken out as separate line items.
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Copies of invoices for transactions over
$2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report.
Copies of invoices for transactions over
$1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting
documentation.
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Outreach Materials- All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Pre-approval required for all outreach materials in excess of
$2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of
$1,000:
AND
• Sample of Outreach materials
Travel A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts (If the DOH subrecipient is
contracting out with an agency to perform work charged to the grant) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over
$5,000 with a detailed GL report.
• A copy of all invoices over
$1,000 with a detailed GL report.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification.
2024-033 The Department of Health did not have adequate internal controls over cash management and reporting requirements for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
Immunization is not subject to the Cash Management Improvement Act and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department has federal revenue bimonthly draw procedures to request reimbursements in line with the Department’s payroll pay dates.
In addition, the Department is required to submit an annual SF-425 financial report for each open grant. This report contains information on revenue as well as direct and indirect expenditures for each open award.
The Department maintains the Grant Management System (GMS) that is used agency-wide to calculate cash draw amounts and pull financial data needed to complete the SF-425. The Department uses this system as one of its tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. Also, indirect expenditures are calculated through the Cost Allocation System (CAS) that the Department maintains. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw and SF-425 report. This report includes calculations for the cash draw amount performed by GMS using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and reporting requirements for the Immunization program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-036.
Due to the issues noted above, we determined that the GMS Grant Draw Report used to complete the SF-425 is not adequately supported. Therefore, we reviewed the data directly from the accounting system and the cost allocation system as support for amounts reported on the SF-425. We examined five of the 10 reports submitted during the fiscal year and did not identify any discrepancies.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws and SF-425 reporting is accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition
By not implementing adequate internal controls, the Department risks reporting inaccurate information on its SF-425 reports, overdrawing federal revenue and having to repay the grantor.
Recommendations
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the accuracy of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and reporting requirements for the Immunization program, we partially agree with SAO’s assessment of a material weakness in internal controls over the cash management and reporting process.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
A state must minimize the time between the Drawdown of Federal Funds from the Federal government and their disbursement for Federal Program Purposes. A federal Program Agency must limit a fund transfer to a State to the minimum amount needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a federal assistance program or project. The timing and amount of funds transfers must be close as is administratively feasible to a State’s actual cash outlay for direct program costs and proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102 (For availability, see 5 CFR 1310.3)
CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part:
Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-034 The Department of Health did not have adequate internal controls to ensure it filed on-time reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-045
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower those with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
When the Department makes a new subaward or amendment, staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 16 subawards and amendments in fiscal year 2024, totaling $1,316,302.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding numbers were 2023-045 and 2022-032.
Description of Condition
The Department did not have adequate internal controls to ensure it filed on-time reports required by the Act for the Immunization program.
During the audit period, the Department’s process for filing FFATA reports started with a Fiscal Analyst maintaining a spreadsheet throughout the month with the subaward information required for reporting. Management reviewed the spreadsheet and asked the Fiscal Analyst to approve the submission of the report. We used a nonstatistical sampling method to randomly select and examine management approvals for five of the 12 spreadsheets that corresponded with each month in the state fiscal year. We found that two of the five months (40%) did not have management approval.
We used a nonstatistical sampling method to randomly select and examine nine out of the 16 total subawards and amendments the Department was required to report during the state fiscal year. We found that the Department reported four of the six subawards and amendments (67%) late.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not retain documentation to support management review and approval of the monthly FFATA worksheets. Additionally, Department management asserted the late submission of the report for the four subawards was because the contract account coding for the Department’s accounting system was not created at the time of the contract execution. The Department’s process requires this coding to identify reportable information such as the grant Federal Award Identification Number. As soon as the coding information is updated, staff can then submit the items to FSRS.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and on-time reports. Further, failing to submit reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the federal award’s terms and conditions allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Ensure it documents management reviews in writing and retains them for audit review
• Review its FFATA reporting procedure to ensure it submits reports on time
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure timely review and submission of the FFATA reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a) Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-035 The Department of Health did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Cooperative Agreements Program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Known Questioned Cost Amount: Special Tests and Provisions – Control, Accountability, and Safeguarding of Vaccines
Special Tests and Provisions – Record of Immunization
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children (VFC) program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Department works with providers that administer vaccines to eligible children. The Department is required to ensure providers comply with the requirements of the VFC program. This includes ensuring vaccines are adequately safeguarded, used solely for authorized purposes and are only administered to VFC program-eligible children.
The U.S. Centers for Disease Control and Prevention requires the Department to conduct site visits of each provider once every 24 months. Additionally, the Department reviews monthly reports for vaccine doses administered outside the age range (DOAR), vaccine storage temperature logs and inventory reconciliation reports before approving vaccine orders to ensure providers are compliant with these VFC requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
On-site Visits
We used a nonstatistical sampling method to randomly select 56 providers that received a site visit out of the total 502 provider visits completed during the state fiscal year. We found that the Department conducted two (3.6%) provider site visits about two months after the 24-month period.
Ongoing Monitoring
The Department uses a tracking spreadsheet to document the review of the DOAR report, temperature logs and inventory reconciliation report along with any necessary follow-up with providers before approving vaccine orders. We used a statistical sampling method and randomly selected 57 providers out of a total of 570 and examined the review of the submitted reports. We found the Department did not review the DOAR report for two providers (3.5%) and did not track subsequent follow-up on corrective measures in the spreadsheet. Further, we found four providers (7%) had issues on its DOAR report, but the Department approved vaccine orders without receiving the provider’s questionnaire to address the deficiency noted in the report. We did not identify any issues for the temperature logs or the inventory reconciliation reports.
We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said excessive staff workload and providers’ requests to delay visits resulted in the Department not completing on-site visits within the required 24 months.
Department management said that inadequate ongoing monitoring of the reports was due to staff oversight.
Effect of Condition
Without conducting on-site visits every 24 months and without adequate review of the DOAR report and the questionnaire response, the Department risks approving vaccine orders for providers that may not be compliant with VFC program requirements.
By not ensuring it completes on-site visits every 24 months and properly performs reviews of reports, the Department could be subject to sanctions by the grantor.
Recommendations
We recommend the Department ensure:
• That it conducts compliance visits every 24 months
• That it adequately reviews the DOAR report and completes follow-up procedures according to internal policies and procedures
Authority’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department has already taken steps to evaluate current processes to ensure providers maintain immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Center for Disease Control and Prevention Vaccines for Children Operations Guide, Page 57 states in part:
Requirement: Awardees must conduct and record VFC compliance site visits, covering areas of provider details, eligibility, documentation, storage and handling (per unit and sitewide), and inventory management with each VFC provider every 24 months.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-032 The Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06; 6 NH23IP922619-04-01; 5 NH23IP922619-05-00; 6 NH23IP922619-05-01; 6 NH23IP922619-05-02; 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $464,473
Prior Year Audit Finding: Yes, Finding 2023-044
Background
The Department of Health administers the Immunization Cooperative Agreements program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
The Department awards federal funds to subrecipients on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts
• Sub-subrecipients
• Indirect costs
During the audit period, subrecipients submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The accounting unit emailed the requests to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over to ensure payments to providers were allowable, met cost principles and were within the period of performance for the program. The prior finding numbers were 2022-031 and 2023-044.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable, met cost principles, and were within the period of performance for the program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payment. As a result, the Department paid the subrecipients without knowing whether program staff had reviewed and approved these expenditures.
We used a statistical sampling method to randomly select and examine 64 out of 483 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $550,065 each. In total, we examined more than $7.8 million in provider payments as part of the audit. Of the 64 payments examined, we identified seven payments (11%) and three individually significant payments that did not have the required supporting documentation for the subrecipients’ assigned risk level. In addition to not having adequate supporting documentation, of the seven payments randomly selected:
• Two (3%) subrecipient payments utilized a higher indirect rate than the approved rate and the error was not identified at the time of approval
• One (2%) incorrectly charged $25,954 in expenditures for another federal program
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures and fiscal management did not ensure staff properly charged the program.
The Department also did not ensure it maintained access to the documents reviewed during the audit period.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds for allowable purposes and within the period of performance. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The 10 payments for which the Department did not have adequate supporting documentation from subrecipients totaled $464,473 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $465,976.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by Title 45 CFR Part 75, section 516(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them
• Ensure that it retains documentation reviewed and approved for payment for audit review
• Improve internal controls to ensure program staff review, approve and communicate approval expenditures to those issuing payment to verify they are for allowable activities and within the period of performance prior to payment
• Ensure fiscal staff charge the correct federal programs
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program Immunization staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve payment with the use of an incorrect indirect rate that was applied to a payment. This was identified as an error through the department’s internal controls during the audit period and that overpayment was corrected. The department stands that this should not have been an exception. The department maintains that its internal policies are held to a higher standard than federal requirements, and the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance at the time of review. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The Immunization program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The Immunization program refer to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The Immunizations program provides technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance.
• The Immunizations program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a new procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
We reaffirm our finding and will follow up on the status of the Department’s corrective action during our next audit period.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs
45 CFR Part 75, section 410, Collection of Unallowable Costs
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/22
This is the backup documentation required based on the determined risk level. More supporting documentation may be requested by programs at any time regardless of risk category. Please review your statement of work to determine if there are additional documentation requirements.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example:
Salary
Bob Smith $5,324.75 Ann Brown $1,245.52 Example: Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Benefits $1,750.35
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Note: Salaries and benefits must be broken out as separate line items.
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Copies of invoices for transactions over
$2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report.
Copies of invoices for transactions over
$1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting
documentation.
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Outreach Materials- All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report.
Pre-approval required for all outreach materials in excess of
$2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of
$1,000:
AND
• Sample of Outreach materials
Travel A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts (If the DOH subrecipient is
contracting out with an agency to perform work charged to the grant) A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients (If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed
GL expenditure report. A-19 and a detailed
GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over
$5,000 with a detailed GL report.
• A copy of all invoices over
$1,000 with a detailed GL report.
NOTE:
Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification.
2024-033 The Department of Health did not have adequate internal controls over cash management and reporting requirements for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million in noncash assistance from the federal grantor in the form of vaccines.
Immunization is not subject to the Cash Management Improvement Act and is not included in the Treasury-State Agreement for Washington. Programs not covered by a Treasury-State Agreement are subject to the provisions of Title 31 of the U.S. Code of Federal Regulations, Part 205, Subpart B, which specifies how funds transfers from the federal government must be processed. The Department has federal revenue bimonthly draw procedures to request reimbursements in line with the Department’s payroll pay dates.
In addition, the Department is required to submit an annual SF-425 financial report for each open grant. This report contains information on revenue as well as direct and indirect expenditures for each open award.
The Department maintains the Grant Management System (GMS) that is used agency-wide to calculate cash draw amounts and pull financial data needed to complete the SF-425. The Department uses this system as one of its tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS. To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. Also, indirect expenditures are calculated through the Cost Allocation System (CAS) that the Department maintains. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw and SF-425 report. This report includes calculations for the cash draw amount performed by GMS using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and reporting requirements for the Immunization program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-036.
Due to the issues noted above, we determined that the GMS Grant Draw Report used to complete the SF-425 is not adequately supported. Therefore, we reviewed the data directly from the accounting system and the cost allocation system as support for amounts reported on the SF-425. We examined five of the 10 reports submitted during the fiscal year and did not identify any discrepancies.
We consider these internal control deficiencies to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws and SF-425 reporting is accurate and complete. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition
By not implementing adequate internal controls, the Department risks reporting inaccurate information on its SF-425 reports, overdrawing federal revenue and having to repay the grantor.
Recommendations
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the accuracy of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
Department’s Response
We appreciate the State Auditor’s Office audit of the Immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and reporting requirements for the Immunization program, we partially agree with SAO’s assessment of a material weakness in internal controls over the cash management and reporting process.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 31 CFR Part 205.33, How are funds transfers processed?, states in part:
A state must minimize the time between the Drawdown of Federal Funds from the Federal government and their disbursement for Federal Program Purposes. A federal Program Agency must limit a fund transfer to a State to the minimum amount needed by the State and must time the disbursement to be in accord with the actual, immediate cash requirements of the State in carrying out a federal assistance program or project. The timing and amount of funds transfers must be close as is administratively feasible to a State’s actual cash outlay for direct program costs and proportionate share of any allowable indirect costs. States should exercise sound cash management in funds transfers to subgrantees in accordance with OMB Circular A-102 (For availability, see 5 CFR 1310.3)
CDC General Terms and Conditions for Research Grant and Cooperative Agreements, states in part:
Annual Federal Financial Report (FFR, SF-425): The Annual Federal Financial Report (FFR) SF- 425 is required and must be submitted no later than 90 days after the end of the budget period in the Payment Management System.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-034 The Department of Health did not have adequate internal controls to ensure it filed on-time reports required by the Federal Funding Accountability and Transparency Act for the Immunization Cooperative Agreements program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02
6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-045
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Federal Funding Accountability and Transparency Act (Act) requires the Department to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower those with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
When the Department makes a new subaward or amendment, staff update a spreadsheet throughout the month with the subaward information required for reporting. Staff then send the spreadsheet to management for approval before submitting the report. The Department was required to report 16 subawards and amendments in fiscal year 2024, totaling $1,316,302.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the Immunization program. The prior finding numbers were 2023-045 and 2022-032.
Description of Condition
The Department did not have adequate internal controls to ensure it filed on-time reports required by the Act for the Immunization program.
During the audit period, the Department’s process for filing FFATA reports started with a Fiscal Analyst maintaining a spreadsheet throughout the month with the subaward information required for reporting. Management reviewed the spreadsheet and asked the Fiscal Analyst to approve the submission of the report. We used a nonstatistical sampling method to randomly select and examine management approvals for five of the 12 spreadsheets that corresponded with each month in the state fiscal year. We found that two of the five months (40%) did not have management approval.
We used a nonstatistical sampling method to randomly select and examine nine out of the 16 total subawards and amendments the Department was required to report during the state fiscal year. We found that the Department reported four of the six subawards and amendments (67%) late.
We consider these internal control deficiencies to be a material weakness.
Cause of Condition
The Department did not retain documentation to support management review and approval of the monthly FFATA worksheets. Additionally, Department management asserted the late submission of the report for the four subawards was because the contract account coding for the Department’s accounting system was not created at the time of the contract execution. The Department’s process requires this coding to identify reportable information such as the grant Federal Award Identification Number. As soon as the coding information is updated, staff can then submit the items to FSRS.
Effect of Condition
Without performing an adequate review, management cannot ensure the Department submits accurate, complete and on-time reports. Further, failing to submit reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Lastly, the federal award’s terms and conditions allow the grantor to penalize the Department for noncompliance by suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Ensure it documents management reviews in writing and retains them for audit review
• Review its FFATA reporting procedure to ensure it submits reports on time
Department’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure timely review and submission of the FFATA reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a) Reporting of first-tier subawards.
Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.)
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-035 The Department of Health did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Cooperative Agreements Program.
Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements
93.268 COVID-19 Immunization Cooperative Agreements
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 5 NH23IP922619-02-00; 6 NH23IP922619-02-03
6 NH23IP922619-02-04; 6 NH23IP922619-02-06
6 NH23IP922619-04-01; 5 NH23IP922619-05-00
6 NH23IP922619-05-01; 6 NH23IP922619-05-02 6 NH23IP922619-05-03; 6 NH23IP922619-05-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Known Questioned Cost Amount: Special Tests and Provisions – Control, Accountability, and Safeguarding of Vaccines
Special Tests and Provisions – Record of Immunization
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Immunization Cooperative Agreements (Immunization) program. The objective of the program is to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. The program places emphasis on populations at highest risk for under-immunization and disease, including children eligible under the Vaccines for Children (VFC) program. In fiscal year 2024, the Department spent more than $41.7 million in federal program funds, about $11.3 million of which it disbursed to subrecipients. The Department also received more than $110.5 million of vaccines as noncash assistance from the federal grantor.
The Department works with providers that administer vaccines to eligible children. The Department is required to ensure providers comply with the requirements of the VFC program. This includes ensuring vaccines are adequately safeguarded, used solely for authorized purposes and are only administered to VFC program-eligible children.
The U.S. Centers for Disease Control and Prevention requires the Department to conduct site visits of each provider once every 24 months. Additionally, the Department reviews monthly reports for vaccine doses administered outside the age range (DOAR), vaccine storage temperature logs and inventory reconciliation reports before approving vaccine orders to ensure providers are compliant with these VFC requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding program requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure providers maintained immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
On-site Visits
We used a nonstatistical sampling method to randomly select 56 providers that received a site visit out of the total 502 provider visits completed during the state fiscal year. We found that the Department conducted two (3.6%) provider site visits about two months after the 24-month period.
Ongoing Monitoring
The Department uses a tracking spreadsheet to document the review of the DOAR report, temperature logs and inventory reconciliation report along with any necessary follow-up with providers before approving vaccine orders. We used a statistical sampling method and randomly selected 57 providers out of a total of 570 and examined the review of the submitted reports. We found the Department did not review the DOAR report for two providers (3.5%) and did not track subsequent follow-up on corrective measures in the spreadsheet. Further, we found four providers (7%) had issues on its DOAR report, but the Department approved vaccine orders without receiving the provider’s questionnaire to address the deficiency noted in the report. We did not identify any issues for the temperature logs or the inventory reconciliation reports.
We consider these internal control deficiencies to be a significant deficiency, which did not lead to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said excessive staff workload and providers’ requests to delay visits resulted in the Department not completing on-site visits within the required 24 months.
Department management said that inadequate ongoing monitoring of the reports was due to staff oversight.
Effect of Condition
Without conducting on-site visits every 24 months and without adequate review of the DOAR report and the questionnaire response, the Department risks approving vaccine orders for providers that may not be compliant with VFC program requirements.
By not ensuring it completes on-site visits every 24 months and properly performs reviews of reports, the Department could be subject to sanctions by the grantor.
Recommendations
We recommend the Department ensure:
• That it conducts compliance visits every 24 months
• That it adequately reviews the DOAR report and completes follow-up procedures according to internal policies and procedures
Authority’s Response
We appreciate the State Auditor’s Office audit of the immunization grant. DOH is committed to ensuring our programs comply with federal regulations. The Department has already taken steps to evaluate current processes to ensure providers maintain immunization records, control, accountability and safeguarding of vaccines for the Immunization Program.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Center for Disease Control and Prevention Vaccines for Children Operations Guide, Page 57 states in part:
Requirement: Awardees must conduct and record VFC compliance site visits, covering areas of provider details, eligibility, documentation, storage and handling (per unit and sitewide), and inventory management with each VFC provider every 24 months.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-036 The Department of Health did not have adequate internal controls over cash management and allowable cost requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Known Questioned Cost Amount: $298,415
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
The ELC program is subject to the Cash Management Improvement Act (CMIA) and is included in the Treasury-State Agreement for Washington. The primary purpose of the CMIA agreement is to ensure states request federal funds when they are needed so that no interest is gained or lost by either the federal or state governments. The agreement specifies the funding technique the Department should use when requesting federal funds. The Department shall draw funds semi-monthly, according to the state payroll schedule.
The Department maintains the Grant Management System (GMS) that is used to calculate cash draw amounts. The Department also utilizes the Cost Allocation System (CAS) to calculate indirect costs associated with expenditures. The Department uses these systems as agency-wide tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS and CAS.
To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw. This report includes calculations for the cash draw amount performed by GMS, as well as indirect costs calculated by CAS, using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and allowable cost requirements for the ELC program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-033.
Cash Management Improvement Act Testing
The CMIA for the ELC program states that cash draws are to be made one day before scheduled pay days throughout the year. We reviewed the timing of ELC cash draws made during the fiscal year to ensure they were in keeping with CMIA timing requirements. We determined that for expenditures incurred in fiscal year 2024, no cash draws were made during the first five payroll periods of the year. We also identified nine cash draws that correspond to a payroll period, but were not made one day before the scheduled pay day as the CMIA requires. Additionally, there was one cash draw that we determined to be noncompliant as it was in the middle of a payroll period.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
These issues were not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws was accurate and complete and that the timing of draws was in compliance with the CMIA requirements. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS. Coding errors in the chart of accounts resulted in indirect expenditures being overcharged to the grant. The Department was unable to provide an explanation as to the cause of the chart of account errors.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition and Questioned Costs
By not implementing adequate internal controls, the Department overdrew indirect expenditures by $298,415, which we are reporting as questioned costs. Overdraws can result in the Department having to repay the grantor.
Violations of the CMIA can result in the grantor denying the state payment or credit for the resulting federal interest liability or other sanctions. Delaying federal draw-down requests also results in state funds being advanced longer than necessary and potentially losing interest revenue for the state.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the updating of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
• Performs cash draws on the schedule specified in the CMIA agreement
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and allowable cost requirements for the ELC program, we partially disagree with SAO’s assessment of a material weakness in internal controls over the cash management and allowable cost requirements for the ELC program.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
CMIA
The Department disagrees with this assessment. The Department performed draws for ELC using the prior periods MI codes. The Department spends on a first in, first out method. The Department uses the previous year’s code for all expenditures that occurred in the allowable period and the funding has a 90-day period to process all previous year’s expenditures. There will always be expenditures and draws for a previous budget year in the first couple months of the new year due to the timing of invoices and processing. The department also ensures we are drawing in line with CMIA funding techniques and the payroll cycle. The states payroll cycle results in money leaving the treasury account prior to the 10th and the 25th. DOH ensures we draw funds after the cycle has ended and by state pay dates. This ensures the state is made whole in a timely manner.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
CMIA
We agree that funding for expenditures occurring at the close of a fiscal year can be drawn during the next fiscal year due to the timing of invoices and processing. However, the Department did not complete cash draws for expenditures incurred during July and August of fiscal year 2024, as required by the CMIA. Additionally, nine cash draws completed by the Department during the fiscal year were completed earlier than allowed by the approved terms of the CMIA.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75 section 2 establishes definitions for questioned costs.
Title 45 CFR Part 75 section 403 establishes the factors affecting the allowability of costs.
Title 45 CFR Part 75 section 410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 205, Rules and Procedures for Efficient Federal-State Funds Transfers, section 11, What requirements apply to funding techniques?, states in part:
(a) A State and a Federal Program Agency must minimize the time elapsing between the transfer of funds from the United States Treasury and the State's payout of funds for Federal assistance program purposes, whether the transfer occurs before or after the payout of funds.
(b) A State and a Federal Program Agency must limit the amount of funds transferred to the minimum required to meet a State's actual and immediate cash needs.
Title 31 CFR Part 205.29, What are the State oversight and compliance responsibilities? states in part:
(d) If a State repeatedly or deliberately fails to request funds in accordance with the procedures established for its funding techniques, as set forth in § 205.11, § 205.12, or a Treasury-State agreement, we may deny the State payment or credit for the resulting Federal interest liability, notwithstanding any other provision of this part.
(e) If a State materially fails to comply with this subpart A, we may, in addition to the action described in paragraph (d) of this section, take one or more of the following actions, as appropriate under the circumstances:
(1) Deny the reimbursement of all or a part of the State's interest calculation cost claim;
(2) Send notification of the non-compliance to the affected Federal Program Agency for appropriate action, including, where appropriate, a determination regarding the impact of non-compliance on program funding;
(3) Request a Federal Program Agency or the General Accounting Office to conduct an audit of the State to determine interest owed to the Federal government, and to implement procedures to recover such interest;
(4) Initiate a debt collection process to recover claims owed to the United States; or
(5) Take other remedies legally available.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Cash Management Improvement Act (CMIA) of 2024, states in part:
6.2.4 The following are terms under which State unique funding techniques shall be implemented for all transfers of funds to which the funding technique is applied in section 6.3.2 of this Agreement.
Modified Direct Program Costs - Admin, Payroll, Payments to Providers:
The State shall request funds for all direct administrative costs and/or payroll costs, and/or payments made to providers and to support providers. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. The State payroll cycle is payday twice a month. Draws made the day before payday are for deposit on payday. The draw request will be made in accordance with the cutoff time in Exhibit 1. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. This funding technique is interest neutral.
6.3.2 Programs
93.323 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC)
Recipient: Department of Health
% of Funds Agency Receives: 100
Component: Admin, Payroll, Payments to Providers
Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers
Average Day of Clearance: 0 Days
2024-037 Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $2,037
Prior Year Audit Finding: Yes, Finding 2023-046
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions (LHJs) that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, LHJs submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior year audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-046 and 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payments. As a result, the Department paid the LHJs without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a nonstatistical sampling method to randomly select and examine 25 out of a total population of 280 payments to LHJs. In total, we examined $548,396 in LHJ subrecipient payments as part of the audit. Of the 25 randomly selected payments examined, we identified two payments (8%) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying LHJs without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring LHJs submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from LHJs totaled $2,037 in known questioned costs. Based on these results, we estimate the total amount of likely improper payments using federal funds to be $22,815.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it obtains adequate supporting documentation from LHJs before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve two payments that did not have the required supporting documentation for the subrecipients’ assigned risk level per agency policies. We disagree that these costs were unallowable as staff reviewed them to ensure they met federal cost principles for allowability. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The ELC program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The ELC program refers to the Notice of Funding Opportunity (NOFO), posted guidance, notice of award (NOA), as well as 2 CFR 200, to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The ELC program provides technical assistance, policies, and training to ELC subrecipients related to both allowability and compliance.
• The ELC program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
Additionally, the agency utilizes a risk-based approach to ensuring payment requests are adequately supported. Without adhering to the support requirements for high risk subrecipients, the Department cannot reasonably ensure that payments made to that subrecipient are allowable.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed GL expenditure report A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation.
Outreach Materials
All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $1,000:
AND
• Sample of Outreach materials
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Travel A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts
(If the DOH subrecipient is contracting out with an agency to perform work charged to the grant) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients
(If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $5,000 with a detailed GL report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $1,000 with a detailed GL report.
NOTE: Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2024-038 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-047
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program. The prior finding number was 2023-047.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the fiscal year, the ELC program had 27 newly executed contracts that required a suspension and debarment check. We used a non-statistical sampling method to randomly select and examine eight out of a population of 27 contracts. We found the Department did not include suspension and debarment language and did not perform a suspension and debarment check for two contracts with Educational Service Districts (ESDs) and one vendor contract (38%).
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used contracts that did not include suspension and debarment language and did not document a suspension and debarment check in the System for Award Management. The Department did not have adequate management oversight to ensure the ESD contracts received the required suspension and debarment checks or that corrective actions were completed timely.
During the audit, the Department informed us that system changes to ensure that ESDs are correctly identified as subrecipients were not complete by July 2023, as stated in the Department’s corrective action plan for the prior finding.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified that none of the eight sampled entities were suspended or debarred and therefore will not question costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with subrecipients and contractors that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-039 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases Program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-048
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for two ELC projects: Enhancing Detection and Enhancing Detection Expansion.
The Department submits quarterly fiscal reports in REDCap, a web-based system used by the CDC to collect data. Reports summarize total quarterly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding numbers were 2023-048 and 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
Quarterly financial reporting of expenditures and unpaid obligations is required for the Enhancing Detection and Enhancing Detection Expansion projects. The Department submits these reports quarterly in REDCap. Before submission, management reviews the reports and supporting documentation to ensure they are accurate and complete. We examined all 16 reports required during the audit period. Three (18.75%) of the reports were not accurate and complete. Specifically, we found:
• The Department did not submit one report, with almost $27 million in expenditures, in REDCap
• One report underreported $263,827 (1.5%) in expenditures in REDCap
• One report had the correct expenditure total in aggregate; however, amounts in specific categories did not match the category totals in the accounting records
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Department implemented a review process to correct the prior year finding, management did not ensure the Department submitted all reports to REDCap, and the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
By not ensuring management adequately reviewed quarterly reports, the Department did not ensure it submitted reports and that they were accurate and complete.
Recommendation
We recommend the Department establish and follow effective internal controls to ensure it submits reports and that they are accurate and complete.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure submitted reports are accurate and complete.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 341, Financial reporting, describes the requirements for auditees to submit financial reports.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-040 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-050
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at internal controls over processes and examine specific award and contract requirements to ensure the subrecipient was in compliance with these requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-050 and 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department did not accurately identify all of their subrecipients. We requested a list of all contracted subrecipients for the state fiscal year 2024 period. This list did not include nine Educational Service Districts (ESDs) that the Department contracted with as subrecipients. The contracts for these educational service districts did not contain required subaward information in accordance with 45 CFR 75.352.
Additionally, the Department did not complete fiscal reviews for its subrecipients. We identified 35 subrecipients with consolidated contracts, and 20 subrecipients with non-consolidated contracts for a total of 55. Of these, we determined there was no fiscal monitoring performed for the 20 subrecipients with non-consolidated contracts. We also found that fiscal monitoring did not occur for two of the subrecipients with consolidated contracts. This resulted in 40% of subrecipients not receiving fiscal monitoring.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
The Department believed that ESDs are an extension of the Office of Superintendent of Public Instruction and therefore entered into interagency agreements instead of subawards. This resulted in them being omitted from subrecipient fiscal monitoring tracking. These interagency agreements also do not have the DOH Contract Subrecipient Statement of Work included in them, which is used to communicate required federal subaward information to subrecipients.
Additionally, we were informed by the Department that there were significant staff shortages in the Fiscal Monitoring Unit in state fiscal year 2024, and that the timing of reviews had to be modified based on capacity.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend that the Department:
• Ensure all subrecipient contracts are identified correctly and include the appropriate templated language
• Identify and track all subrecipients
• Strengthen internal controls to ensure that fiscal monitoring is completed timely for all subrecipients
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes to ensure compliance with fiscal monitoring requirements for the ELC program. DOH had significant staff shortages in the Fiscal Monitoring Unit in SFY2024. Due to the shortage, we had to modify our reviews to ensure programs with a federal requirement for timing of monitoring visits were met (WIC and HIV). We then completed additional reviews based on capacity.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some fiscal monitoring reviews were not performed. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-041 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-049
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, about $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the ELC program received required single audits and appropriately followed up on findings and issued management decisions. The prior finding number was 2023-049.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Department did not have written policies or procedures over its process for tracking subrecipients’ single audits. To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, after examining the workbook, we found 13 subrecipients that required audit tracking were missing. Additionally, we found that the Department did not check for single audit requirements for one subrecipient, and that no single audit exists for that subrecipient in the federal audit clearinghouse.
During fiscal year 2024, four subrecipients received an ELC finding, which the Department documented in the tracking workbook. However, the workbook did not document any follow-up with the subrecipient or review of a corrective action plan. In addition, the Department did not issue a management decision letter for any of the findings, and the tracking spreadsheet did not document any management decisions.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
There were no written procedures for the single audit tracking process. Management said there was confusion around the subrecipient single audit process, and that they were working to define the process around the monitoring requirements. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes and provide additional training to staff to monitor if DOH subrecipients of the ELC program received required single audits and take appropriate action based on those single audits. This will include DOH following up on findings and issued management decisions.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some single audits were not tracked. DOH implemented and corrected this error moving forward with ESD’s and Subrecipient contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-036 The Department of Health did not have adequate internal controls over cash management and allowable cost requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Cash Management
Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Known Questioned Cost Amount: $298,415
Prior Year Audit Finding: N/A
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
The ELC program is subject to the Cash Management Improvement Act (CMIA) and is included in the Treasury-State Agreement for Washington. The primary purpose of the CMIA agreement is to ensure states request federal funds when they are needed so that no interest is gained or lost by either the federal or state governments. The agreement specifies the funding technique the Department should use when requesting federal funds. The Department shall draw funds semi-monthly, according to the state payroll schedule.
The Department maintains the Grant Management System (GMS) that is used to calculate cash draw amounts. The Department also utilizes the Cost Allocation System (CAS) to calculate indirect costs associated with expenditures. The Department uses these systems as agency-wide tools to manage all its federal grants. Daily, federal grant revenue and expenditures are automatically uploaded from the Department’s accounting system into its AFRS Data Distribution Services (ADDS) database. Department staff can pull data from ADDS by running queries in GMS and CAS.
To ensure that the data is properly uploaded, Department staff perform a manual reconciliation between ADDS and the accounting system every workday. The Department also maintains a chart of accounts (COA) system that feeds coding information into GMS and CAS to instruct these systems how to allocate grant expenditures.
Department staff generate a Grant Draw Report from GMS that provides the necessary information to complete a cash draw. This report includes calculations for the cash draw amount performed by GMS, as well as indirect costs calculated by CAS, using expenditure and revenue data received from the ADDS system.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over cash management and allowable cost requirements for the ELC program.
Since the Department’s internal controls reviewed are a centralized process, our testing included all its federal programs we reviewed for this audit.
Daily Manual Reconciliation
We used a statistical sampling method to randomly select and examine 24 out of a total population of 250 workdays during the fiscal year. We found that the Department did not complete a reconciliation of the accounting system and ADDS data for three of the 24 days (13%). We also determined that the daily reconciliation included reconciling expenditure data, but not revenue data. Apart from the three instances, our testing discovered that incorrect reporting criteria was used for ADDS reporting, resulting in blank ADDS reports being generated from the system for the first 20 days of fiscal year 2024.
GMS Automated Draw Calculation
We judgmentally selected three cash draws and found the following issues:
• One instance in which the GMS incorrectly calculated the draw amount, resulting in an overdraw of $145,103
• Expenditures charged to valid program project codes did not show on the GMS draw report, resulting in funds being underdrawn by $700,819
• Indirect expenditures were incorrect in the GMS resulting in an overdraw of $153,312
We also examined the Department’s controls over updating the COA to determine if the coding associated with each award entered in GMS and CAS was accurate. Our review found:
• Users could update the COA without review or approval directly in the COA system
• There was no formal process to track the identification and resolution of COA coding errors
• The Department did not correct COA coding errors in a timely manner
• The COA system did not produce and retain audit logs of changes made
These issues are also noted in finding 2024-033.
Cash Management Improvement Act Testing
The CMIA for the ELC program states that cash draws are to be made one day before scheduled pay days throughout the year. We reviewed the timing of ELC cash draws made during the fiscal year to ensure they were in keeping with CMIA timing requirements. We determined that for expenditures incurred in fiscal year 2024, no cash draws were made during the first five payroll periods of the year. We also identified nine cash draws that correspond to a payroll period, but were not made one day before the scheduled pay day as the CMIA requires. Additionally, there was one cash draw that we determined to be noncompliant as it was in the middle of a payroll period.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
These issues were not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate internal controls to ensure the data used to complete cash draws was accurate and complete and that the timing of draws was in compliance with the CMIA requirements. The Department also does not have adequate controls in place to detect coding errors that would result in incorrect data being input and pulled from the GMS and CAS. Coding errors in the chart of accounts resulted in indirect expenditures being overcharged to the grant. The Department was unable to provide an explanation as to the cause of the chart of account errors.
The Department was not able to provide an explanation for why GMS incorrectly calculated the cash draw amount.
Effect of Condition and Questioned Costs
By not implementing adequate internal controls, the Department overdrew indirect expenditures by $298,415, which we are reporting as questioned costs. Overdraws can result in the Department having to repay the grantor.
Violations of the CMIA can result in the grantor denying the state payment or credit for the resulting federal interest liability or other sanctions. Delaying federal draw-down requests also results in state funds being advanced longer than necessary and potentially losing interest revenue for the state.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department ensure it:
• Performs daily reconciliations between ADDS and AFRS
• Has adequate internal controls in place over the updating of the chart of accounts
• Has adequate controls in place to properly calculate cash draw amounts in GMS
• Performs cash draws on the schedule specified in the CMIA agreement
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure adequate internal controls over cash management and allowable cost requirements for the ELC program, we partially disagree with SAO’s assessment of a material weakness in internal controls over the cash management and allowable cost requirements for the ELC program.
Daily Manual Reconciliation
The Department disagrees with this assessment. Our internal controls identified a concern with the ADDs reporting criteria. The Department partnered with our IT department and identified the cause of the report errors. This was corrected within the audit period which allowed us to go back to using this internal control to verify totals.
GMS Automated Draw Calculation
The Department agrees with this assessment and the Department is working diligently to correct the issue.
Chart of Account Updates
The Department disagrees with this assessment. The Chart of Accounts (COA) errors were due to OFM giving the Department the incorrect EA schedule. The 23-25 Biennium EA schedule released from OFM on 06/21/2023 showed the appropriation as 984, which was incorrect. The Departments’ coding structure was set up based on the initial EA schedule provided by OFM. The EA schedule that was released on 10/18/2023 had the correct appropriation of 985. The Department had already set up the COA with incorrect appropriation. After receiving the new EA schedule in October, the Department had to set up all new master index codes with the correct appropriation and JV all expenditures from the old master index codes to the new ones. Therefore, in order to change the existing COA to the correct COA structure with the new EA schedule, the Department had to update the COA structure outside of normal procedures. The Department tracked changes via excel spreadsheets and developed additional internal control processes due to the nature of changes made outside of normal procedures. The Department addressed the COA errors as timely as possible.
CMIA
The Department disagrees with this assessment. The Department performed draws for ELC using the prior periods MI codes. The Department spends on a first in, first out method. The Department uses the previous year’s code for all expenditures that occurred in the allowable period and the funding has a 90-day period to process all previous year’s expenditures. There will always be expenditures and draws for a previous budget year in the first couple months of the new year due to the timing of invoices and processing. The department also ensures we are drawing in line with CMIA funding techniques and the payroll cycle. The states payroll cycle results in money leaving the treasury account prior to the 10th and the 25th. DOH ensures we draw funds after the cycle has ended and by state pay dates. This ensures the state is made whole in a timely manner.
Auditor’s Remarks
Daily Manual Reconciliation
We appreciate the Department acknowledging that the system was not generating a report with the correct criteria for 20 days. In addition to this issue, we found three (13%) of the 24 days tested outside of this period were also not reconciled.
Chart of Account Updates
While changes to the COA that resulted in some of the errors were made at the direction of OFM, it was not the cause for all issues identified in the audit. We reaffirm the lack of internal controls within the Department over COA updates resulted in incorrect draw amounts.
CMIA
We agree that funding for expenditures occurring at the close of a fiscal year can be drawn during the next fiscal year due to the timing of invoices and processing. However, the Department did not complete cash draws for expenditures incurred during July and August of fiscal year 2024, as required by the CMIA. Additionally, nine cash draws completed by the Department during the fiscal year were completed earlier than allowed by the approved terms of the CMIA.
We reaffirm our finding and will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75 section 2 establishes definitions for questioned costs.
Title 45 CFR Part 75 section 403 establishes the factors affecting the allowability of costs.
Title 45 CFR Part 75 section 410 establishes requirements for the collection of unallowable costs.
Title 31 CFR Part 205, Rules and Procedures for Efficient Federal-State Funds Transfers, section 11, What requirements apply to funding techniques?, states in part:
(a) A State and a Federal Program Agency must minimize the time elapsing between the transfer of funds from the United States Treasury and the State's payout of funds for Federal assistance program purposes, whether the transfer occurs before or after the payout of funds.
(b) A State and a Federal Program Agency must limit the amount of funds transferred to the minimum required to meet a State's actual and immediate cash needs.
Title 31 CFR Part 205.29, What are the State oversight and compliance responsibilities? states in part:
(d) If a State repeatedly or deliberately fails to request funds in accordance with the procedures established for its funding techniques, as set forth in § 205.11, § 205.12, or a Treasury-State agreement, we may deny the State payment or credit for the resulting Federal interest liability, notwithstanding any other provision of this part.
(e) If a State materially fails to comply with this subpart A, we may, in addition to the action described in paragraph (d) of this section, take one or more of the following actions, as appropriate under the circumstances:
(1) Deny the reimbursement of all or a part of the State's interest calculation cost claim;
(2) Send notification of the non-compliance to the affected Federal Program Agency for appropriate action, including, where appropriate, a determination regarding the impact of non-compliance on program funding;
(3) Request a Federal Program Agency or the General Accounting Office to conduct an audit of the State to determine interest owed to the Federal government, and to implement procedures to recover such interest;
(4) Initiate a debt collection process to recover claims owed to the United States; or
(5) Take other remedies legally available.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
The Cash Management Improvement Act (CMIA) of 2024, states in part:
6.2.4 The following are terms under which State unique funding techniques shall be implemented for all transfers of funds to which the funding technique is applied in section 6.3.2 of this Agreement.
Modified Direct Program Costs - Admin, Payroll, Payments to Providers:
The State shall request funds for all direct administrative costs and/or payroll costs, and/or payments made to providers and to support providers. The request shall be made in accordance with the appropriate Federal agency cut-off time specified in Exhibit I. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. The State payroll cycle is payday twice a month. Draws made the day before payday are for deposit on payday. The draw request will be made in accordance with the cutoff time in Exhibit 1. The amount of the funds requested shall be based on the amount of expenditures recorded for direct administrative costs and/or payroll costs and/or payments made to providers or to support providers since the last request for funds. This funding technique is interest neutral.
6.3.2 Programs
93.323 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC)
Recipient: Department of Health
% of Funds Agency Receives: 100
Component: Admin, Payroll, Payments to Providers
Technique: Modified Direct Program Costs - Admin, Payroll, Payments to Providers
Average Day of Clearance: 0 Days
2024-037 Department of Health did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs / Cost Principles
Subrecipient Monitoring
Known Questioned Cost Amount: $2,037
Prior Year Audit Finding: Yes, Finding 2023-046
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
To help carry out the program’s objectives, the Department issues consolidated contracts to Local Health Jurisdictions (LHJs) that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs.
Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories:
• Salaries and benefits
• Equipment ($5,000 or more)
• Materials and supplies
• Meals
• Outreach materials
• Travel
• Training
• Contracts and sub-subrecipients
• Administrative/indirect costs
During the audit period, LHJs submitted invoices to the Department’s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved.
Beginning in February 2023, program staff documented their review and approval of the reimbursement request on a spreadsheet. The spreadsheet was only used at the program level, so it was not shared with the fiscal staff to communicate approval prior to issuing payment.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior year audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-046 and 2022-033.
Description of Condition
The Department did not have adequate internal controls to ensure payments to subrecipients were allowable and met cost principles for the ELC program.
Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not communicate their approval to the accounting unit that issues payments. As a result, the Department paid the LHJs without knowing whether these expenditures had been reviewed and approved by the program staff.
We used a nonstatistical sampling method to randomly select and examine 25 out of a total population of 280 payments to LHJs. In total, we examined $548,396 in LHJ subrecipient payments as part of the audit. Of the 25 randomly selected payments examined, we identified two payments (8%) that did not have the required supporting documentation for the subrecipients’ assigned risk level.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
The Department’s established procedures allowed for paying LHJs without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring LHJs submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward’s terms and conditions.
The two payments for which the Department did not have required supporting documentation from LHJs totaled $2,037 in known questioned costs. Based on these results, we estimate the total amount of likely improper payments using federal funds to be $22,815.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it obtains adequate supporting documentation from LHJs before reimbursing them
• Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department partially concurs with the finding.
While the Department has taken steps to ensure payments to providers contain proper support in line with our A19 matrix for risk assessed of our subrecipients, we continue to disagree with SAO’s assessment of a material weakness in internal controls over the consolidated contract provider payment process. As noted in the finding, program staff document their review and approval of consolidated contract reimbursement requests. If the payment has no issues or concerns, the total payment is logged in a spreadsheet with documented review and approval to denote no issues and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question.
The defined process of consolidated contract payments has been in place for well over a decade and was implemented in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs.
We partially agree with the exceptions and questioned costs identified. The Department did approve two payments that did not have the required supporting documentation for the subrecipients’ assigned risk level per agency policies. We disagree that these costs were unallowable as staff reviewed them to ensure they met federal cost principles for allowability. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments:
• The ELC program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted.
• The ELC program refers to the Notice of Funding Opportunity (NOFO), posted guidance, notice of award (NOA), as well as 2 CFR 200, to determine allowable costs, purchase, and procurement procedures.
• The Fiscal Monitoring Unit provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding.
• The ELC program provides technical assistance, policies, and training to ELC subrecipients related to both allowability and compliance.
• The ELC program has continued to strengthen processes to ensure that the backup documentation received is in alignment with the agency’s documentation matrix for sub-recipients per their risk level.
Auditor’s Remarks
While management has implemented a procedure for program staff to document their review and approval of subrecipient reimbursement requests, this approval is not communicated to fiscal staff before payments are issued. As a result, approval is assumed and not verified by fiscal staff when no response is received from the program staff. The amount of supporting documentation submitted by a subrecipient utilizing consolidated contracts is extensive and often covers multiple reimbursement requests for more than one federally funded program. In our judgment, this increases the risk that a proper review is not performed before payments are issued.
Additionally, the agency utilizes a risk-based approach to ensuring payment requests are adequately supported. Without adhering to the support requirements for high risk subrecipients, the Department cannot reasonably ensure that payments made to that subrecipient are allowable.
We reaffirm our finding and will follow-up on the Department’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington State Department of Health A-19 Documentation Matrix
Approved by FMU 7/1/2022
This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category.
Expenditure Category Low-Risk Moderate-Risk High-Risk
Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information:
• Employee name
• Salaries & Wages
• Hours worked
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith $5,324.75
Ann Brown $1,245.52
Example:
Salary
Bob Smith
$5,324.75 (168 hrs.)
Ann Brown
$1,245.52 (34 hrs.)
Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items. Benefits $1,750.35
Note: Salaries and benefits must be broken out as separate line items.
Equipment ($5,000 or more) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report with DOH preapproval. A-19 and a detailed GL expenditure report with DOH preapproval and copy of the invoice.
Materials and Supplies A-19 and a detailed GL expenditure report A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $2,500.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report.
Copies of invoices for transactions over $1,000.
Note: If the subrecipient has a petty cash fund, they must supply 100% of the supporting documentation.
Outreach Materials
All outreach materials must be allowable according to grant terms and conditions. A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $2,500. A-19 and a detailed GL expenditure report.
Pre-approval required for all outreach materials in excess of $1,000:
AND
• Sample of Outreach materials
Meals A-19 and a detailed GL expenditure report and receipt. A-19 and a detailed GL expenditure report with receipt and number of participants or meeting invite. A-19 and a detailed GL expenditure report with receipt, number of participants and sign in roster.
Travel A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and purpose of travel. A-19 and a detailed GL expenditure report and purpose of travel:
AND
• Pre-approval for out of state travel.
Training A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report and receipt for training. A-19 and a detailed GL expenditure report and receipt for training:
AND
• Agenda
Contracts
(If the DOH subrecipient is contracting out with an agency to perform work charged to the grant) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $5,000. A-19 and a detailed GL expenditure report that provides:
AND
• Invoices for individual transactions over $1,000.
Sub-Sub recipients
(If the DOH subrecipient is passing funds through to another agency as a subrecipient) A-19 and a detailed GL expenditure report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $5,000 with a detailed GL report. A-19 and a detailed GL expenditure report.
• A copy of all invoices over $1,000 with a detailed GL report.
NOTE: Indirect costs included on A19s must include verification of the following:
• Indirect plan is current and on file with DOH
• Indirect rate is being applied accurately to allowable expenditures
• If the indirect cost rate plan has expired, no indirect costs can be charged
• If the subrecipient is using 10% de minimis they must complete DOH de minimis certification
2024-038 The Department of Health did not have adequate internal controls over and did not comply with suspension and debarment requirements for Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Suspension and Debarment
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-047
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
Federal regulations prohibit grant recipients from contracting with or making subawards to parties that are suspended or debarred. The grantee must verify that all contractors and subrecipients receiving $25,000 or more in federal funds have not been suspended, debarred or otherwise excluded. They may verify this by obtaining a written certification from the contractor or subrecipient or inserting a clause into the contract where the contractor or subrecipient states it is not suspended or debarred. Alternatively, the grantee may search the federal System for Award Management at SAM.gov to verify the contractor’s or subrecipient’s suspension and debarment status. This requirement must be met before entering into the contract.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program. The prior finding number was 2023-047.
Description of Condition
The Department did not have adequate internal controls over and did not comply with suspension and debarment requirements for the ELC program.
During the fiscal year, the ELC program had 27 newly executed contracts that required a suspension and debarment check. We used a non-statistical sampling method to randomly select and examine eight out of a population of 27 contracts. We found the Department did not include suspension and debarment language and did not perform a suspension and debarment check for two contracts with Educational Service Districts (ESDs) and one vendor contract (38%).
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used contracts that did not include suspension and debarment language and did not document a suspension and debarment check in the System for Award Management. The Department did not have adequate management oversight to ensure the ESD contracts received the required suspension and debarment checks or that corrective actions were completed timely.
During the audit, the Department informed us that system changes to ensure that ESDs are correctly identified as subrecipients were not complete by July 2023, as stated in the Department’s corrective action plan for the prior finding.
Effect of Condition
By not performing suspension and debarment checks, the Department cannot ensure all its contractors and subrecipients are allowed to receive federal funds. Without proper checks, the Department could be required to repay the grantor for any payments made to a contractor or subrecipient that is suspended or disbarred.
We verified that none of the eight sampled entities were suspended or debarred and therefore will not question costs.
Recommendation
We recommend the Department establish adequate internal controls to ensure it completes the required suspension and debarment checks before entering into contracts with subrecipients and contractors that will receive $25,000 or more in federal funds.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations.
During the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and no suspension & debarment check was performed at the time. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 213, Suspension and debarment, states:
Non-federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR parts 180 and 376. These regulations restrict awards, subawards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in Federal assistance programs or activities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-039 The Department of Health did not have adequate internal controls over and did not comply with reporting requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases Program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04;
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-048
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024.
During the audit period, the Department was required to submit various reports to the Centers for Disease Control and Prevention (CDC) for two ELC projects: Enhancing Detection and Enhancing Detection Expansion.
The Department submits quarterly fiscal reports in REDCap, a web-based system used by the CDC to collect data. Reports summarize total quarterly expenses, including salaries, fringe benefits, equipment, travel, supplies and contractual payments.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program. The prior finding numbers were 2023-048 and 2022-034.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the ELC program.
Quarterly financial reporting of expenditures and unpaid obligations is required for the Enhancing Detection and Enhancing Detection Expansion projects. The Department submits these reports quarterly in REDCap. Before submission, management reviews the reports and supporting documentation to ensure they are accurate and complete. We examined all 16 reports required during the audit period. Three (18.75%) of the reports were not accurate and complete. Specifically, we found:
• The Department did not submit one report, with almost $27 million in expenditures, in REDCap
• One report underreported $263,827 (1.5%) in expenditures in REDCap
• One report had the correct expenditure total in aggregate; however, amounts in specific categories did not match the category totals in the accounting records
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Department implemented a review process to correct the prior year finding, management did not ensure the Department submitted all reports to REDCap, and the reviews were inadequate for detecting the errors our audit identified.
Effect of Condition
By not ensuring management adequately reviewed quarterly reports, the Department did not ensure it submitted reports and that they were accurate and complete.
Recommendation
We recommend the Department establish and follow effective internal controls to ensure it submits reports and that they are accurate and complete.
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current process to ensure submitted reports are accurate and complete.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 341, Financial reporting, describes the requirements for auditees to submit financial reports.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-040 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the Epidemiology and Laboratory Capacity for Infectious Diseases program.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Too numerous to list
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-050
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, more than $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure they use subawards for authorized purposes and in compliance with federal statutes, regulations, and the terms and conditions of the subaward. This monitoring must include reviewing financial reports and taking timely and appropriate action on all deficiencies pertaining to the federal award.
The Department assigns each subrecipient a compliance risk level based on standardized criteria. The Department’s Fiscal Monitoring Unit (FMU) conducts on-site fiscal reviews of each subrecipient every two years. This review includes all federal awards the subrecipient received from the Department for the period under review. Reviewers complete a standardized template to document their work. Using the subrecipient’s reimbursement requests, reviewers judgmentally determine how many samples of payroll expenditures and contractor payments to review to ensure there is adequate source documentation. Reviewers also look at internal controls over processes and examine specific award and contract requirements to ensure the subrecipient was in compliance with these requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the ELC program only used funds for allowable activities and met cost principles. The prior finding numbers were 2023-050 and 2022-033.
Description of Condition
The Department did not have adequate internal controls over and did not comply with fiscal monitoring requirements for the ELC program.
The Department did not accurately identify all of their subrecipients. We requested a list of all contracted subrecipients for the state fiscal year 2024 period. This list did not include nine Educational Service Districts (ESDs) that the Department contracted with as subrecipients. The contracts for these educational service districts did not contain required subaward information in accordance with 45 CFR 75.352.
Additionally, the Department did not complete fiscal reviews for its subrecipients. We identified 35 subrecipients with consolidated contracts, and 20 subrecipients with non-consolidated contracts for a total of 55. Of these, we determined there was no fiscal monitoring performed for the 20 subrecipients with non-consolidated contracts. We also found that fiscal monitoring did not occur for two of the subrecipients with consolidated contracts. This resulted in 40% of subrecipients not receiving fiscal monitoring.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
The Department believed that ESDs are an extension of the Office of Superintendent of Public Instruction and therefore entered into interagency agreements instead of subawards. This resulted in them being omitted from subrecipient fiscal monitoring tracking. These interagency agreements also do not have the DOH Contract Subrecipient Statement of Work included in them, which is used to communicate required federal subaward information to subrecipients.
Additionally, we were informed by the Department that there were significant staff shortages in the Fiscal Monitoring Unit in state fiscal year 2024, and that the timing of reviews had to be modified based on capacity.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department does not have reasonable assurance that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend that the Department:
• Ensure all subrecipient contracts are identified correctly and include the appropriate templated language
• Identify and track all subrecipients
• Strengthen internal controls to ensure that fiscal monitoring is completed timely for all subrecipients
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes to ensure compliance with fiscal monitoring requirements for the ELC program. DOH had significant staff shortages in the Fiscal Monitoring Unit in SFY2024. Due to the shortage, we had to modify our reviews to ensure programs with a federal requirement for timing of monitoring visits were met (WIC and HIV). We then completed additional reviews based on capacity.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some fiscal monitoring reviews were not performed. DOH implemented and corrected this error moving forward with ESD and Vendor contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-041 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases
93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: NU50CK000515-05-04; NU50CK000515-02-07; NU50CK000515-05-00; NU50CK000515-05-05; NU50CK000515-01-08; NU50CK000515-02-04
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-049
Background
The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local and territories’ public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports many specific infectious disease programs and projects, and it provides special appropriations in response to infectious disease emergencies. The Department spent more than $126.6 million in federal grant funds during fiscal year 2024, about $20 million of which it disbursed to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Department uses an Excel workbook to track subrecipients’ single audits.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the ELC program received required single audits and appropriately followed up on findings and issued management decisions. The prior finding number was 2023-049.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure its subrecipients of the ELC program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Department did not have written policies or procedures over its process for tracking subrecipients’ single audits. To monitor compliance with these requirements, the Department used an Excel spreadsheet to track subrecipients’ single audits and the agency’s follow-up actions, if necessary. However, after examining the workbook, we found 13 subrecipients that required audit tracking were missing. Additionally, we found that the Department did not check for single audit requirements for one subrecipient, and that no single audit exists for that subrecipient in the federal audit clearinghouse.
During fiscal year 2024, four subrecipients received an ELC finding, which the Department documented in the tracking workbook. However, the workbook did not document any follow-up with the subrecipient or review of a corrective action plan. In addition, the Department did not issue a management decision letter for any of the findings, and the tracking spreadsheet did not document any management decisions.
We consider these internal control deficiencies to be material weaknesses, which led to material noncompliance.
Cause of Condition
There were no written procedures for the single audit tracking process. Management said there was confusion around the subrecipient single audit process, and that they were working to define the process around the monitoring requirements. In addition, management did not exercise sufficient oversight to ensure staff completed the monitoring.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• All subrecipients receive a single audit, if required
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
Department’s Response
We appreciate the State Auditor’s Office audit of the ELC grant. DOH is committed to ensuring our programs comply with federal regulations. The Department will evaluate current processes and provide additional training to staff to monitor if DOH subrecipients of the ELC program received required single audits and take appropriate action based on those single audits. This will include DOH following up on findings and issued management decisions.
In addition, during the COVID pandemic DOH operated under a competitive procurement waiver in order to expedite funding to critical partners throughout the state. Efforts to accelerate contracts combined with the misperception that Educational Service Districts (ESDs) are an extension of the Office of Superintendent of Public Instruction (OSPI was named in the IAA as a collaborator for the Learn to Return Playbook), prompted the decision to use an Interagency Agreement and therefore some single audits were not tracked. DOH implemented and corrected this error moving forward with ESD’s and Subrecipient contracts as of January 2024, the middle of the next audit cycle. Therefore, the corrections will not be reflected in contracts executed prior to that time frame.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
1. Reviewing financial and performance reports required by the pass-through entity.
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by section 75.521.
f. Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 75.501.
h. Consider taking enforcement action against noncompliant subrecipients as described in section 75.371and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-042 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $67,698,747
Prior Year Audit Finding: Yes, Finding 2023-051
Background
The Department of Social and Health Service (DSHS), Community Services Office, administers the Temporary Assistance for Needy Families (TANF) grant that provides temporary cash assistance for families in need. To receive TANF benefits, participants must be engaged in activities listed in the Individual Responsibility Plan through the WorkFirst program, unless the TANF benefits are received only on behalf of a child. TANF grant funds are also used to pay clients’ child care costs to meet one of the program’s primary purposes of helping clients obtain employment.
Washington has established the Working Connections Child Care (WCCC) program to help eligible working families pay for child care. Both the Department of Children, Youth, and Families (the Department) and DSHS administer the program. The Department is responsible for establishing policies and procedures for licensing child care providers and paying them for allowable child care services. DSHS determines TANF client eligibility and reimburses the Department for child care payments under an agreement between the two agencies. In fiscal year 2024, DSHS paid $67,698,747 related to child care services.
The Department uses its Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the eligibility of the client. These funding sources include multiple federal programs, multiple Child Care Development Fund (CCDF) federal grant awards and state funding. The Department uploads the payment data into the state’s accounting system at a summary level based on the various funding sources.
DSHS worked with the Department to set up coding in the Payment Allocating Model system that looks at the client-level information and then assigns the correct TANF source of funds. Once the source of funds is identified, that information is sent to SSPS for allocation assignment. The Department prepares electronic reports for funds allocated to TANF funding sources and sends DSHS a monthly bill. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
Some payments the Department makes for child care are funded by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the WCCC program. Federal regulations require grant fund expenditures to be adequately supported to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls that ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported. The prior finding numbers were 2023-051, 2022-035 and 2021-028.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with TANF funds were allowable and properly supported.
To identify TANF-funded payments the Department made to child care providers, we requested a population of payments charged to TANF sources from SSPS. However, in fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent TANF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions from SSPS that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. Officials from the U.S. Department of Health and Human Services informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
Because the Department did not comply with federal requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $67,698,747 in federal program costs for child care payments that DSHS paid during the audit period.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Update service level agreements with DSHS to ensure payments are sufficient and properly supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Working Connections Child Care (WCCC) program was previously managed by the Department of Social and Health Services (DSHS) and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other grant requirements.
The Department implemented grant-level management of all federal funds, including the Temporary Assistance for Needy Families grant. This consisted of making significant grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements were met. The Department’s grant adjustments were processed based on eligible clients and allowable activities.
The State Auditor’s Office (SAO) has taken issues in the past several audits and maintained that the program is not auditable without child-level data. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit for accurately testing compliance. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by the SAO.
In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. The enacted budget included funding to implement the Department’s budget request beginning in state fiscal year 2025, specifically:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024.”
The Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include child-level data related to the expenditures.
The Department looks forward to working with SAO to resolve the child-level data concerns in the audit of the child care grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the grant adjustments were processed for eligible and allowable expenditures for the TANF grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-044 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure the statewide court hearing rate assessment was performed for subrecipients of the Child Support Services program.
Assistance Listing Number and Title: 93.563 Child Support Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WACSES; 2201WACSES; 2401WACSES
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Social and Health Services (DSHS) administers the Child Support Services program (CSS), which aims to locate absent parents, establish paternity, obtain child and spousal support, and enforce support obligations owed by noncustodial parents. During fiscal year 2024, the Department spent more than $129 million in federal program funds, about $23 million of which it paid to subrecipients.
The Department administers and awards CSS funding to all counties through various court offices, including county clerks, county commissioners and county prosecutors.
Federal regulations require the Department to monitor the activities of subrecipients to ensure the subaward is used for authorized purposes, in compliance with federal statues, regulations, and terms and conditions of the subaward, and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the passthrough entity.
Department procedures require the Department to implement a statewide court hearing rate every calendar year. This rate is used by the subrecipient courts to determine the total allowable CSS share of direct costs. The process of implementing this rate begins by reviewing court hearing data from the current year from five sample counties. The counties submit two months of Commission hearing data from the current calendar year. The Department requires each sample county to provide the case number, party names, hearing date, and the start and end times of each hearing. The County Fiscal Liaison selects a sample from the total number of hearings and the counties review the hearings to determine if they were child support related and identifies the total number of minutes in the hearing. After it has been determined that a case is CSS related, a review is completed to determine if the parties in the hearing have a Title IV-D case. The review is documented on the Department’s sampling worksheet, which calculates the rate based on the actual minutes related to the program divided by the total minutes of the hearings.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure the statewide court hearing rate assessment was performed for subrecipients of the CSS program.
According to the Division of Child Support Court Commissioner sample process document, program staff are required to review court hearing data from five sample counties in the state to determine the statewide hearing rate for the year. We found the Department did not perform the rate assessment to ensure that the statewide rate established during the fiscal year was based on current case load data of the subrecipient courts. As a result, the Department continued using the previously determined hearing rate, which the courts then used to determine their reimbursement claim amounts for the fiscal year. The Department was unable to provide documentation to demonstrate this action was discussed, what rationale was used to determine this course of action or that management approved it.
We consider this internal control deficiency to be a material weakness that led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not establish sufficient internal controls to ensure the annual rate assessment was completed and accurate. The Department asserted it did not have sufficient court hearing data from participating counties at the time of the annual rate assessment. In addition, management asserted that it could not replace counties selected for analysis that experienced data errors in reporting child support caseloads to the state. Therefore, management opted not to complete the rate assessment. However, the Department did not document the rationale for its decision, nor management’s approval to continue using the previously established court hearing rate.
Effect of Condition
Without conducting the rate assessment, the Department cannot ensure the CSS hearing rate is an accurate representation of court caseloads for the program. This increases the risk of the Department reimbursing the courts at an excessive rate based on the child support cases heard.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it performs required county hearing rate assessments based on its policies and procedures
• Establish internal controls sufficient to ensure it performs annual rate assessments to ensure hearing rates the courts use are based on accurate and complete data
Department’s Response
The Department partially concurs with the auditor’s finding.
The Department has an established written process for conducting a sample of five counties to determine the statewide hearing rate for the fiscal year. Two of the five counties contacted us two weeks after the due date with technical issues and concerns that their data may not be accurate and requested that we use other counties’ data as part of the sampling process.
Since the Department was already into State Fiscal Year (SFY) 24 and the courts needed the rate for their reimbursement requests, it was not realistic with such short notice to find two other counties that could pull two months of court hearings data from the prior year. DCS management made the decision to carry over the certified rate from the prior fiscal year’s sampling process rather than use potentially inaccurate data to update the court hearing rate. The difference in the sampling rates between SFY 22 (6.35%) and SFY 23 (6.58%) was so small we determined that a carryover of the SFY 23 rate given the circumstances would provide the most accurate representation of court caseloads and would mitigate the risk of the Department reimbursing the courts at an excessive rate.
The Department provided the auditor documentation from the two counties that communicated their inability to participate in the SFY 24 sampling process as well as the Department’s communication to all the court administrators. This communication explained that due to unforeseen circumstances, the Department was not able to complete the state sampling process for SFY 24 and that it used the certified rate from SFY 23 to set a SFY 24 hearing rate. In addition, the Department provided the approved SFY 23 rate and sampling data. The auditor stated that since the SFY 23 rate was signed in April 2023, it was outside the scope of the audit period. The Department disagreed with the auditor because the SFY 23 rate was carried over for SFY 24, which made the sampling process and data within scope of the audit period.
For the SFY 25 rate, the Department has found a new county to participate in the sampling process and the other county has resolved their system issues.
The Department will update procedures to ensure decisions and approvals are documented when alternate methodologies are required.
Auditor’s Remarks
The Department asserts it communicated to participating counties that it would not re-assess the hearing rate for the year 2024 child support cases and instead carry forward the rate approved from 2023. This communication was provided to our Office in the form of an email, sent by the County Fiscal Liaison, which did not have any recipients listed. In addition, the Department did not provide documentation to demonstrate that management reviewed and approved the decision to carry forward the previously certified child support hearing rate, including what factors were considered that would allow the previous rate to be used and still be compliant with child support services monitoring requirements.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR part 75, section 352, Requirements for pass-through entities, establishes the requirements for pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Division of Child Support Court Commissioner Sample Process Instructions, states in part:
“….Notify sample counties in July or August that it’s time to pull their samples. Current sample counties are: Chelan, Lewis, Pend Oreille, Spokane, and Grays Harbor. Email each sample county and request they provider their sample data”
“ To pull the sample –
9. Using the Access Sample Program – pull a sample of 275-350 hearings. This number was determined by E-Maps statisticians to be an acceptable number of hearings based on having less than 5,000 hearings total. (*There is also a program that will provide you with a statistically sound sample number based on the total number of hearings you enter. You can use this or choose a number somewhere between 275-350.)
10. Set up your sample worksheets to include a column titled ‘Child Support?’ and one titled ‘IV-D?’, and one titled ‘Qualified Number of Minutes’.
11. Print this out so you have a hard copy to work from. These you will fill in as you review each hearing. If the hearing gets both a YES under the Child Support and the IV-D, then you’ll enter the number of minutes of that hearing in the last column.”
12. Review each and every hearing to determine if it is child support related.”
“Calculating the sample IV-D percentage rate –
Using your ‘Final Data Totals’ worksheet:
20. Cell F6 - Enter number of minutes for all “Other” than 3 & 5 case types.
21. Cell F7 - Enter number of minutes for all Type 3 + Type 5 case types.
22. Total of all hearings minutes will be automatically calculated and entered in Cell F8.
23. Cell F11 - Enter the total number of minutes in the sample.
24. Cell F13 - Enter the total of IV-D qualified minutes in the sample.
25. The system will calculate the IV-D sample percentage from those two figures and enter it in Cell F15.
26. Cell G6 - Enter the percentage of all “other” case types that are IV-D (this will always be 0).
27. Cell G7 – The system will enter the percentage of all Type 3 + Type 5 cases that are IV-D. (This is simply copied from Cell F15.)
28. Cell H7 – The system will enter the Total IV-D Minutes for Type 3 and Type 5 cases using the total Type 3 + Type 5 minutes (Cell F7) multiplied by the percentage of IV-D minutes per the sample (Cell G7).
29. That number (Cell H8) is then divided by the total of minutes of ALL hearings submitted (Cell F8) and the resulting percentage is your Hearings Sample IV-D Percentage Rate to be used by all counties statewide for their Court Commissioner reimbursements.”
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-045 The Department of Social and Health Services did not have adequate internal controls to ensure risk assessments performed for subrecipients of the Child Support Services program were accurate and complete.
Assistance Listing Number and Title: 93.563 Child Support Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WACSES; 2201WACSES; 2401WACSES
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Department of Social and Health Services (DSHS) administers the Child Support Services program (CSS), which aims to locate absent parents, establish paternity, obtain child and spousal support, and enforce support obligations owed by noncustodial parents. During fiscal year 2024, the Department spent more than $129.7 million in federal program funds, about $23 million of which it paid to subrecipients.
The Department administers and awards program funding to all counties through various court offices, including county clerks, county commissioners and county prosecutors. Federal regulations require the Department to evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward to determine the appropriate amount and type of subrecipient monitoring required to ensure they use the subaward for authorized purposes, comply with the terms and conditions of their subawards, and achieve performance goals.
The Department’s County Fiscal Liaison completes the annual risk assessment of all counties for the program. The Department’s risk assessment contains different risk factors that are answerable by a “yes” or a “no” value and are each assigned a numerical value. The scores are then totaled to determine the overall risk of the subrecipient. This risk score determines the adequate level of monitoring necessary for the subrecipient.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure risk assessments performed for subrecipients of the program were accurate and complete.
The Department’s policies and procedures instruct program staff to conduct annual risk assessments and determine the level of monitoring required for each county subrecipient. Although the County Fiscal Liaison completed risk assessments for county subrecipients during the audit period, Department management did not perform a secondary review of the risk assessments the County Fiscal Liaison completed for completeness and appropriateness. In addition, we determined that only the County Fiscal Liaison participates in the subrecipient risk assessment process. Therefore, we determined the Department does not have adequate internal controls to ensure program staff perform risk assessments, as required by Department policies, and that the results of completed risk assessments are accurate and support the recommended level of monitoring over the subrecipients.
We consider this internal control deficiency to be a material weakness.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Management did not consider performing a secondary review of the County Fiscal Liaison’s assessment of each County’s risk of noncompliance, and did not monitor the results of risk assessment as it relied on the liaison’s judgment.
Effect of Condition
Without monitoring to ensure risk assessments are completed and conducting a secondary review of risk assessments that program staff perform, management cannot ensure that the Department is meeting federal requirements by performing the appropriate level of monitoring to ensure subrecipients comply with program requirements.
Recommendation
We recommend the Department:
• Improve internal controls to ensure it performs required risk assessments
• Establish internal controls to ensure management reviews and approves risk assessments to ensure they are complete, accurate and performed timely to ensure an appropriate level of subrecipient monitoring is performed
•
Department’s Response
The Department partially concurs with the auditor’s findings.
The Department has a control in place to discuss risks in real time with management during weekly meetings. Management is appraised of concerns and workloads, including completion of risk assessments. The risk assessment worksheets capture, in writing, the risks and actions taken as discussed with management in the weekly meetings.
For ongoing compliance, the Department’s Division of Child Support will update procedures for risk assessments to include documenting management’s review and approval.
Auditor’s Remarks
We requested and received risk assessment worksheets as part of the audit and found no information indicating the results were provided to or approved by management. In addition, program staff informed our Office that it did not have documentation to demonstrate that risk assessments completed by the County Fiscal Liaison were reviewed by management for appropriateness.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for pass-through entities.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-046 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-052
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
During fiscal year 2024, the Department issued 125 subawards and 122 subaward amendments totaling more than $111 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-052.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
We used a statistical sampling method and randomly selected and examined 24 subawards out of a total population of 247. We also tested two individually significant subawards. We determined that 12 out of 26 subawards (46%) were not submitted in FSRS during the audit period. The Department reported three of the 12 subawards in FSRS after the audit period ended, however the reports were submitted late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not have written policies and procedures in place to determine which subawards and amendments were required to be reported in FSRS until April 2024. Management said the Department filed overdue reports from prior fiscal years before it could report subawards issued during the audit period. Additionally, management did not ensure that reports were originally submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will immediately report the contracts and amendments in question to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
For ongoing compliance, ORIA will develop and subsequently implement a process to verify all subawards and subaward amendments were reported as required.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-047 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-054
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services’ Office of Refugee and Immigrant Assistance (ORIA) administers the State’s Refugee and Entrant Assistance programs. During fiscal year 2024, the Department spent about $77.9 million in federal program funding, more than $55.9 million of which it passed through to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. The prior finding number was 2023-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor any of its 56 program subrecipients to ensure compliance with federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
In response to the prior audit finding, ORIA program management implemented procedures for determining program subrecipients, however these changes did not take effect until the end of this audit period.
The Department did not accurately identify all program subrecipients to develop a comprehensive monitoring plan and did not ensure subrecipients were correctly identified and monitored for compliance, as required by the Uniform Guidance. In addition, management did not effectively communicate the responsibility for conducting fiscal monitoring of program subrecipients to ORIA staff.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored some of their subrecipients, however, they did not have monitoring reports to provide as evidence. Since the program determined the subrecipients to be low risk, monitoring consisted of a desk review which was documented only on the monitoring screen of the Agency Contracts Database (ACD).
In response to the prior audit 2023-054, ORIA is working with the Division of Finance and Financial Resources (DFFR) to develop and implement effective internal controls and clear written procedures covering program and fiscal subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
To address the significant workload associated with onsite monitoring and the development of monitoring reports, ORIA and DFFR will explore the department’s ability to increase staff resources.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a. Entity’s invoices and documentation (A-19s).
b. Entity’s program or service and financial reports.
c. Surveys or feedback cards from clients.
d. Client complaints.
e. Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f. Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g. If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a. A review of the delivery of program services.
b. Discussions about the subrecipient’s problems and challenges.
c. Follow-up on identified problems from previous visits.
d. Review of faculty/personnel licensing.
e. Review of surveys and inspections performed by outside parties.
f. Interview of staff to determine whether they are familiar with the program.
g. Inspection of the entity’s facilities and operations.
h. Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i. Review of the entity’s monitoring/production reports.
j. Review of any independent limited scope program audits.
k. Verification of performance from outside source (e.g. sub-contractors).
l. Review of the entity’s self-risk assessment survey.
m. Review of internal controls.
n. Review of billing practices.
o. Review of allocation of costs.
p. Review of timesheets or activity reports.
q. Review of financial records.
F. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
3. Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2024-048 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-053
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions. The prior finding number was 2023-053.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 56 subrecipients to ensure they received a single audit, if required. Six of these subrecipients received single audits during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department partially concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored their subrecipients for single audit reports by verifying each subrecipient’s total federal financial assistance through online tax forms. For subrecipients that met the single audit threshold, ORIA either received the single audit report from the subrecipient or pulled a copy from the single audit online database. However, the Department did not issue management decisions.
As part of our corrective action plan for the prior audit finding (2023-053), ORIA is working with the Department’s Division of Finance and Financial Resources (DFFR) to establish and implement effective internal controls and written procedures to ensure ORIA reviews audit reports for their subrecipients and issue written management decisions, as required.
ORIA and DFFR will review all SFY24 completed single audit reports, and for any findings that pertain only to the federal award provided to the subrecipient, ORIA will issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings and monitor the subrecipient’s corrective actions through completion.
Auditor’s Remarks
In response to our audit request for internal controls, the Department asserted in writing that its monitoring of single audits of subrecipients during the audit period were not completed during state fiscal year 2024 and that it had no records for us to test to demonstrate monitoring occurred. It further stated that management hopes to demonstrate compliance beginning in state fiscal year 2025.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-046 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Refugee and Entrant Assistance program.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-052
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The intent of the Act is to empower the public with the ability to hold the federal government accountable for spending decisions and, as result, reduce wasteful government spending.
During fiscal year 2024, the Department issued 125 subawards and 122 subaward amendments totaling more than $111 million to subrecipients that it was required to report in FSRS.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-052.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
We used a statistical sampling method and randomly selected and examined 24 subawards out of a total population of 247. We also tested two individually significant subawards. We determined that 12 out of 26 subawards (46%) were not submitted in FSRS during the audit period. The Department reported three of the 12 subawards in FSRS after the audit period ended, however the reports were submitted late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not have written policies and procedures in place to determine which subawards and amendments were required to be reported in FSRS until April 2024. Management said the Department filed overdue reports from prior fiscal years before it could report subawards issued during the audit period. Additionally, management did not ensure that reports were originally submitted, as required.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending. The terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance, including suspending or terminating the federal award or withholding future awards.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it reports all first-tier subawards of $30,000 or more, as required
• Verify all subawards and subaward amendments are reported in FSRS, as required
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) will immediately report the contracts and amendments in question to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS).
For ongoing compliance, ORIA will develop and subsequently implement a process to verify all subawards and subaward amendments were reported as required.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-047 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-054
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services’ Office of Refugee and Immigrant Assistance (ORIA) administers the State’s Refugee and Entrant Assistance programs. During fiscal year 2024, the Department spent about $77.9 million in federal program funding, more than $55.9 million of which it passed through to subrecipients.
Federal regulations require the Department to monitor the activities of subrecipients to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. This includes reviewing financial and performance reports required by the pass-through entity.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs. The prior finding number was 2023-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to perform fiscal and program monitoring of subrecipients for the Refugee and Entrant Assistance programs.
The Department’s administrative policy 19.50.30 - Subrecipient Monitoring requires Department staff to conduct programmatic and fiscal monitoring of subrecipients. We found the Department did not monitor any of its 56 program subrecipients to ensure compliance with federal statutes, regulations, or that subaward performance goals are achieved.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
In response to the prior audit finding, ORIA program management implemented procedures for determining program subrecipients, however these changes did not take effect until the end of this audit period.
The Department did not accurately identify all program subrecipients to develop a comprehensive monitoring plan and did not ensure subrecipients were correctly identified and monitored for compliance, as required by the Uniform Guidance. In addition, management did not effectively communicate the responsibility for conducting fiscal monitoring of program subrecipients to ORIA staff.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure its subrecipients are spending federal funds in accordance with grant requirements. Without adequately monitoring each subrecipient’s use of federal funds expended during the period of performance of the subaward, the Department cannot reasonably ensure that the subrecipient has complied with the terms and conditions of the subaward.
Recommendation
We recommend the Department:
• Establish effective internal controls to ensure all subrecipients are subject to fiscal and program monitoring, as required
• Establish effective internal controls to ensure subrecipients are accurately identified by Department program staff
• Establish internal controls to ensure Department staff review financial and performance-based reports for every subrecipient
• Monitor each subrecipient to obtain reasonable assurance that each subrecipients’ use of federal funds complies with federal laws and regulations, and the subaward terms and conditions
• Communicate to subrecipients any deficiencies noted during its review and ensure appropriate corrective action is taken to address the deficiencies
Department’s Response
The Department concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored some of their subrecipients, however, they did not have monitoring reports to provide as evidence. Since the program determined the subrecipients to be low risk, monitoring consisted of a desk review which was documented only on the monitoring screen of the Agency Contracts Database (ACD).
In response to the prior audit 2023-054, ORIA is working with the Division of Finance and Financial Resources (DFFR) to develop and implement effective internal controls and clear written procedures covering program and fiscal subrecipient monitoring requirements. ORIA will train all staff responsible for subrecipient monitoring on the newly established internal controls and written procedures.
To address the significant workload associated with onsite monitoring and the development of monitoring reports, ORIA and DFFR will explore the department’s ability to increase staff resources.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Department of Social and Health Services, Administrative Policy 19.50.30, Subrecipient Monitoring, states in part:
Policy
E. Fiscal and programmatic monitoring must be completed. (See Attachment C – Sample DSHS Subrecipient Fiscal Monitoring Site Visit Tool)
Based on the result of the risk assessment, a desk or on-site review must be completed. Each Program has control over the form and content of its risk assessment tools.
1. If the risk assessment shows the entity is of low to medium risk, the entity may not require an on-site review. The following items, if available, must be documented in a desk review:
a. Entity’s invoices and documentation (A-19s).
b. Entity’s program or service and financial reports.
c. Surveys or feedback cards from clients.
d. Client complaints.
e. Entity’s audit or financial report follow up and ensuring all appropriate action has been taken on all items detected through audits, on-site reviews and any other means.
f. Entity’s indirect rate certification (Certificate of Indirect Costs, form 02-568 or plan), if applicable.
g. If any of the above are not reviewed within the desk review, supervisor approval and an explanation for the reason the items were unable or immaterial to be reviewed must be included within the desk review assessment tool.
2. If the risk assessment shows the entity is a high risk, an on-site visit is required. The program/division will assign the appropriate staff to conduct the on-site review. On-site reviews must include all items in a desk review. In addition, on-site reviews may include, as appropriate, the following items:
a. A review of the delivery of program services.
b. Discussions about the subrecipient’s problems and challenges.
c. Follow-up on identified problems from previous visits.
d. Review of faculty/personnel licensing.
e. Review of surveys and inspections performed by outside parties.
f. Interview of staff to determine whether they are familiar with the program.
g. Inspection of the entity’s facilities and operations.
h. Review of and compliance with the entity’s policies and procedures governing service delivery and financial processes.
i. Review of the entity’s monitoring/production reports.
j. Review of any independent limited scope program audits.
k. Verification of performance from outside source (e.g. sub-contractors).
l. Review of the entity’s self-risk assessment survey.
m. Review of internal controls.
n. Review of billing practices.
o. Review of allocation of costs.
p. Review of timesheets or activity reports.
q. Review of financial records.
F. Monitoring must be documented.
1. The ACD must be used to document all subrecipient-related monitoring activities.
2. Assigned staff must document all desk or on-site reviews performed. The program manager overseeing the contract is responsible for making sure that items included in the review are documented in the ACD by the end of the contract period.
3. Each program must maintain contract monitoring documentation per General Administration’s retention schedule (Administrative Policy 5.04, Records Retention).
2024-048 The Department of Social and Health Services did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.566 Refugee and Entrant Assistance – State Administered Programs
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2301WARCMA-03, 2301WARCMA-04, 2301WARSSS-06, 2301WARSSS-07, 2301WARSSS-08, 2301WARSSS-09, 2401WARCMA-00, 2401WARCMA-01, 2401WARCMA-02, 2401WARSSS-00, 2401WARSSS-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-053
Background
The Refugee and Entrant Assistance – State Administered programs provide states and replacement designees with funds to help refugees, asylees, trafficking victims, special immigrants, and certain humanitarian parolees during the first 12 months after their date of arrival, or date of eligibility, in the U.S to attain economic self-sufficiency as soon as possible after their initial placement.
The U.S. Department of Health and Human Services administers this program by providing assistance through Cash and Medical Assistance (CMA) Grants, as well as Refugee Support Services (RSS). Specifically, CMA covers Refugee Cash Assistance, Refugee Medical Assistance, Unaccompanied Refugee Minor assistance, medical screenings and administrative costs. RSS provides formula funding to assist with facilitating employment and other social services for refugees for up to five years after their date of arrival to the U.S., or date of initial eligibility. In 2022, Congress appropriated additional funding under the Additional Afghanistan Supplemental Appropriations Act, and Additional Ukraine Supplemental Appropriations Act.
In Washington, the Department of Social and Health Services administers the state’s Refugee and Entrant Assistance programs. In fiscal year 2024, the Department spent about $77.9 million in federal program funding. Of that amount, the Department passed through more than $55.9 million to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit or program-specific audit. Furthermore, federal regulations require subrecipients to submit their audits in the Federal Audit Clearinghouse and to the pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes on to its subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions. The prior finding number was 2023-053.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Refugee and Entrant Assistance programs received required single audits, and that it followed up on findings and issued management decisions.
We found the Department did not have adequate internal controls in place to verify whether:
• Subrecipients met the audit threshold for federal assistance expended for their fiscal year
• Subrecipients received required audits, if necessary, and appropriate actions were taken if audits were not filed
• Management decisions were required to be issued for subrecipients who received a single audit or program-specific audit
We found the Department did not monitor each of its 56 subrecipients to ensure they received a single audit, if required. Six of these subrecipients received single audits during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department used accounting system reports to determine how much it reimbursed subrecipients with Refugee and Entrant Assistance funds. However, management did not monitor subrecipients to ensure they received single audits, as required. Additionally, management did not assign any specific employees the responsibility for reviewing subrecipient audit reports and findings until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the Department cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions, and management monitors them for effectiveness where required, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to determine if any additional subrecipients are required to take corrective action to address audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department partially concurs with the auditor’s findings.
The Department’s Office of Refugee and Immigrant Assistance (ORIA) monitored their subrecipients for single audit reports by verifying each subrecipient’s total federal financial assistance through online tax forms. For subrecipients that met the single audit threshold, ORIA either received the single audit report from the subrecipient or pulled a copy from the single audit online database. However, the Department did not issue management decisions.
As part of our corrective action plan for the prior audit finding (2023-053), ORIA is working with the Department’s Division of Finance and Financial Resources (DFFR) to establish and implement effective internal controls and written procedures to ensure ORIA reviews audit reports for their subrecipients and issue written management decisions, as required.
ORIA and DFFR will review all SFY24 completed single audit reports, and for any findings that pertain only to the federal award provided to the subrecipient, ORIA will issue a management decision outlining their determination of the effectiveness of the subrecipients’ proposed corrective actions to address the findings and monitor the subrecipient’s corrective actions through completion.
Auditor’s Remarks
In response to our audit request for internal controls, the Department asserted in writing that its monitoring of single audits of subrecipients during the audit period were not completed during state fiscal year 2024 and that it had no records for us to test to demonstrate monitoring occurred. It further stated that management hopes to demonstrate compliance beginning in state fiscal year 2025.
We reaffirm our audit finding and we will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients.
Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-049 The Department of Commerce improperly charged $492,317 to earmarking requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WAE5C6; 2101WALIEA
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $492,317
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to meet the following earmark requirements:
• No more than 10% of a state’s LIHEAP funds may be used for planning and administrative costs
• No more than 15% of LIHEAP funds may be used for low-cost residential weatherization or other energy-related home repairs
• No more than 5% of LIHEAP funds may be used to provide services that encourage and enable households to reduce their home energy needs and therefore their need for energy assistance
To ensure the Department meets the earmark requirements, when a new award is received, staff create an allocation model to calculate the maximum allowable earmarking amounts. Each award is given unique project codes in the accounting system to track expenditures against the earmark amounts.
Description of Condition
The Department of Commerce improperly charged $492,317 to earmarking requirements for LIHEAP.
We found the Department had procedures to track earmarking requirements and had adequate internal controls to ensure material compliance.
During fiscal year 2024, there were two awards that were required to meet the earmark limits. We found both awards overspent the 15% weatherization earmark as follows:
• For award 2101WAE5C6, the Department overspent the amount by $287,998.
• For award 2101WALIEA, the Department overspent the amount by $204,319.
The total questioned cost amount is $492,317.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the questioned costs exceeded that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When completing the allocation model to determine earmarking amounts, the Department initially allocated 15% of the total award funds to weatherization. However, staff allocated additional subrecipient administrative funds to the initial allocated amount, bringing the weatherization total beyond the allowed earmark. Staff identified this error, but the Department had already obligated funds to subrecipients from this allocation and chose not to correct the subaward amounts.
Effect of Condition and Questioned Costs
We identified $492,317 in questioned costs on activities that exceeded the weatherization earmark amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department consult with the federal grantor to discuss whether it should repay the questioned costs identified in the audit.
Department’s Response
The Department appreciates the detailed audit of the earmarking process in use by the Low Income Home Energy Assistance Program (LIHEAP). Following receipt of the audit recommendations, budget and Internal Controls Office staff reviewed the total expenditures used to calculate the questioned costs and determined the amounts reported were accurate. Program staff will seek guidance from the Department of Health and Human Services (HHS) Office of Community Services (OCS) regarding the questioned costs.
To ensure accuracy and compliance of current and future awards, LIHEAP program staff are currently collaborating with budget staff to work towards alignment between divisions with federal requirements. This includes a thorough review of financial records, detailed reconciliations, and adjustments to budgeting procedures to prevent future occurrences.
Moving forward, the Department will implement enhanced internal controls and monitoring processes to ensure accurate budgeting and reporting of earmarked funds. We are committed to maintaining compliance with federal requirements and demonstrating our accountability in managing public funds.
The Department will provide the results of the consultation of HHS during the next scheduled LIHEAP audit or audit follow-up.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 CFR Part 75.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards establishes definitions for questioned costs. Part 75.410 establishes requirements for the collection of unallowable costs.
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 United States Code, Section 8624(k), Limitations on use of funds; waiver, establishes that no more than 15% may be used by the State for low-cost residential weatherization or other energy-related home repair for low-income households.
2024-050 The Department of Commerce did not have adequate internal controls over and did not comply with period of performance requirements for the Low-Income Home Energy Assistance program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA, 2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $4,409,760
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families (ACF), administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to obligate at least 90% of the LIHEAP block grant funds in the first federal fiscal year in which they are awarded. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report to the grantor the amount it intends to carry over and reallot. The Department may carry over up to 10% of the funds payable for obligation no later than the end of the following federal fiscal year. Funds not obligated by the end of the second fiscal year of the award must be returned to ACF. The limits on the period for the expenditure of funds are communicated to award recipients.
LIHEAP awards typically have a two-year project period when the Department may obligate funds to subrecipients through subawards and incur administrative costs to execute the award. The subawards define the period of performance for subrecipients to spend these funds. Departmental administrative costs are considered obligated when the expenditure activity occurs. As such, the period of performance for administrative costs aligns with the project period start and end date. If the Department requires more than one year from the project period end date to liquidate allowable costs, it is required to notify the Grantor.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for LIHEAP.
Obligations
During state fiscal year 2024, the Department was required to obligate 90% of funds for the federal fiscal year 2023 award. This amount is reported on the Carryover and Reallotment Report. The Department was unable to provide documentation to support the amount of funds it obligated in the first year of the award. This issue is referenced in finding 2024-051.
Expenditures
During state fiscal year 2024, there were five awards with project end dates. We judgmentally selected and examined 21 expenditures charged to these awards. We found:
• Four (19%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Three (14%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these seven expenditures are $1,010,249.
In addition, we analyzed expenditures charged to the awards in the accounting system and identified $1,346,137 of administrative activities that occurred after the period of performance.
Liquidations
There were two awards with liquidation periods ending during state fiscal year 2024. We judgmentally selected and examined eight expenditures the Department charged to grants that were liquidating funds during the audit period. We found:
• Three (38%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Two (25%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these five expenditures are $1,916,227
In addition, we analyzed expenditures charged to the awards and identified $137,148 of administrative activities that occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department misinterpreted the federal regulations, which led management to believe it was compliant with period of performance requirements.
Further, the Department did not provide us with all the documentation to demonstrate that the Department incurred the charges we examined during the period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds within the period of performance.
We identified $1,483,285 in known questioned costs for expenditures that occurred outside of the period of performance. We also identified $2,926,476 in known questioned costs for expenditures that did not have adequate support to determine if they were within the period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure it complies with period of performance requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department agrees with the internal control weaknesses identified in the report. However, for the contract periods included in this audit we were operating off of guidance received by the United State Department of Health and Human Services (HHS) in 2022. Directly following notification of this deficiency for this audit, we reached out to HHS to clarify the closeout year requirements. In December 2024 we received updated guidance on how to apply the closeout year to current awards.
Beginning with the 2024 program year (October 1, 2023), all subrecipient contracts were issued with a two-year period of performance, which will eliminate new expenses being added to the closeout year. This ensures that all LIHEAP awards will be managed within a consistent two-year period of performance, which aligns with the updated HHS guidance. All future LIHEAP awards will follow the same period of performance principle.
The Department will engage with the HHS to determine the appropriate next steps on how to handle the questioned costs.
The Department is committed to addressing the internal control weaknesses identified in the audit and will continue to strengthen its processes to ensure ongoing compliance with period of performance requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 45 CFR Part 96, section 81, Carryover and reallotment, establishes the procedures relating to carryover and reallotment of regular LIHEAP block grant funds
ACF Supplemental Terms and Conditions, LIHEAP, effective October 1, 2021, states in part:
9. Obligation Deadline:
a. The two-year funding (project) period for this award is concurrent with the obligation period: from the first day of the FFY for which these funds were awarded through the last day of the following FFY. (i.e., October 1, FFY 1 through September 30, FFY 2.) A maximum of 10 percent of the federal funds awarded under this grant may be held available for obligation in the FFY 2 of the project period. If more than 10 percent of a recipient's federal funds remains unobligated at the end of the FFY in which they were allotted, those excess funds must be returned to HHS and are subject to reallotment among all recipients in the next fiscal year. Any federal funds not obligated by the end of the two-year obligation period will be recouped by the Department.
b. Federal funds awarded under this grant must be expended for the purposes for which they were awarded and in payment for obligations made within the time period allotted.
10. Liquidation:
All properly obligated federal funds awarded under this grant must be liquidated in accordance with the recipient’s own fiscal control and funds control procedures. If the recipient requires more than 1 year from the project period end date to liquidate allowable costs, it shall notify the Grants Management Officer identified on its latest Notice of Award. The notification shall include the reason for the delay and the anticipated timeframe for liquidation. Any federal funds from this award not liquidated by the date required under the recipient’s own fiscal control procedures, which may not exceed five years following the fiscal year of award, will be recouped by this Department.
ACF-OCS-LIHEAP-IM-2024-04 LIHEAP Obligations, Expenditures, and Refunds, states in part:
Federal appropriations accounting law at 31 U.S.C. § 1502(a) states that the balance of an appropriation or fund limited for obligation to a definite period is available only for payment of expenses properly incurred during the period of availability or to complete contracts properly made within that period of availability. Grant recipients may not incur new expenditures beyond the period of performance unless necessary to liquidate obligations made during the period of performance under active agreements or subawards with partnering agencies. Grant recipients must liquidate obligations according to the same rules, including the timeframe, required of its own non-federal funding.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-051 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2301WALIEA; 2301WALIEE; 2301WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The LIHEAP Carryover and Reallotment Report is used to indicate the amount expected to be carried forward for obligation in the following fiscal year and the planned use of those funds. The federal grantor specified there were two key lines items on the report that contained critical information: the carryover amount and the reallotment amount
In the first federal fiscal year after a grant is awarded, the Department must obligate at least 90% of the LIHEAP block grant funds. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report the amount it intends to carry over and reallot. The Department must submit this report by August 1, indicating the amount it expects to carry forward for obligation in the following fiscal year and its planned use of those funds.
To complete this report, the Department’s budget unit staff is responsible for reviewing the support and compiling the reported amounts. They are also responsible for completing, reviewing, and approving the report. Program staff are responsible for submitting the report.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP.
The Department reported that there were no funds for reallotment and there was $6,033,389 for carryover from the fiscal year 2023 award. The Department created a spreadsheet with manual inputs to calculate the carryover amount. However, the Department was unable to provide the source documentation to support the amounts on the spreadsheet. As a result, the Department was unable to demonstrate that this reported amount was accurate.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department stated they experienced turnover with key staff responsible for preparing the report. Specifically, the budget staff who had prepared the report in past years left the Department. Instead of budget staff preparing and submitting the report, the program manager, who is not normally involved in this process, was tasked with completing and submitting this report without adequate guidance or oversight by management. The Department stated the staffing changes, combined with duties not being assigned, led to process changes from previous years which resulted in the deficiencies identified.
The Department also did not have written policies or procedures on how to prepare, review and submit this report.
Effect of Condition
Since the Department did not retain supporting documentation and source data for the reports, we were unable to verify whether the amounts the Department reported to the federal grantor were accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the report is accurate
• Ensure management reviews reports before submission
• Establish written policies and procedures on how to complete the report
• Retain adequate supporting documentation for the report
• Consult with the federal grantor to determine if it should revise and resubmit the report
Department’s Response
The Department agrees with this finding, and is taking the following actions in response:
• Developing procedural documents that articulate roles and responsibilities, and documentation retention requirements.
• Escalation processes that support resolution of any discrepancies in data.
• Implementing a recurring reconciliation processes to find and adjust errors as necessary.
• Updating agency policy to reflect uniform standards that are consistent with a singular interpretation of federal guidance.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-052 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it executed the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The Department has two units – energy assistance and weatherization – that administer two different program activities. Each unit is responsible for complying with this reporting requirement and have similar processes for completing the reports. When a new or amended subaward is executed, program staff enter its information into the Department’s Contract Management System (CMS). Program staff use the information in the CMS to complete the report. There were a total of 115 awards and amendments that the Department was required to report in fiscal year 2024, totaling $102,300,556.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
During the audit period, the Department was required to report 115 new and amended subawards totaling about $102 million in program funds. We used a nonstatistical sampling method to randomly select and examine 17 out of the total population of 115 subawards. We found that:
• The Department did not report three out of 17 (18%) subawards in FSRS. The Department asserted it submitted the subawards included in one Federal Funding Accountability and Transparency Act report, but did not retain a copy of the report and was unable to retrieve it from FSRS. We attempted to locate these three subawards at USAspending.gov to verify submission but were unable to do so.
• One out of 17 (6%) subawards reported an incorrect subaward amount
• Two out of 17 (12%) subawards reported the incorrect subrecipient name and unique entity identifier
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate processes in place to ensure it reported the correct information and retained documentation for audit purposes.
For the three subawards not retained, Department management said another staff member submitted this report instead of the program manager. This person no longer works at the Department and the program manager does not have access to their FSRS account.
For the three subawards with incorrect information, internal controls were insufficient to ensure the Department correctly entered the information into the CMS.
Effect of Condition
Failing to properly submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines
• Ensure it retains copies of completed reports after submitting
• Ensure it correctly enters subaward details into the CMS
Department’s Response
Commerce concurs with the finding and will work with budget staff to ensure that Notice of Funding Available (NOFA) information is entered into CMS accurately when it is received.
Program staff enter dollar amounts for contracts and amendments into CMS and budget staff enter the Federal Awards information from the NOFA into CMS. Department staff will look into this process and evaluate updating the data entry process to eliminate the possibility of errors in the entry process.
The FFATA Sub Reporting System (FSRS) does not allow users to review reports that were submitted by other users without the request of account migration. The reports could not be provided due to this restriction of the system. The FSRS system is currently being removed and updated to a different site. In the meantime, Department staff will request account migration of previous users to gain access to previously submitted reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligatory action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-053 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Finding 2023-055
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy services. The Grant Recipient Survey obligation amounts should be compared with the Carryover and Reallotment and SF-425 reports. This reconciliation is needed to ensure the obligated balances for the program year being tested are accurate.
The key line items include:
• “Uses of Funds” represent a state’s obligation of federal LIHEAP funds, not expenditure of federal LIHEAP funds. In some cases, obligated funds are not actually expended until after the end of the federal fiscal year.
• The total “Uses of Funds” (shown in Item 45 of Section IV) should equal the total “Sources of Funds” (shown in Item 16 of Section III).
• “Other LIHEAP assistance” would include federal LIHEAP funds used to provide “other crisis assistance,” such as furnace or air conditioner repairs or replacements.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
The Quarterly Performance and Management Report requires the Department to report aggregated data on total households assisted, performance management metrics and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
The Department maintains a LIHEAP database that stores recipient information used to complete many sections of these reports. Department staff rely on reports with preset criteria from this database to pull necessary information.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP. The prior finding numbers were 2023-055, 2022-039 and 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
To ensure the data pulled from the LIHEAP database is accurate and complete, we reviewed the stored procedures for generating the reports. We found that there were errors in the logic that caused these reports to not capture the correct program data that should have been reported to the federal grantor.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2023. In addition, we reviewed the four Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
We identified the following discrepancies:
LIHEAP Performance Data Form
In Module 1 Estimated Uses of LIHEAP Funds, 15 of the 21 fields had discrepancies:
• Eight of 21 (38%) fields were inaccurate. The range of variance on what was reported and what was supported was between -$5,699,151 and $96,661.
• The Department was unable to provide support for seven of 21 (33%) fields
Furthermore, we found a discrepancy of $1,945,675 between the total source of funds in section III and the total use of funds in section IV where these amounts should match.
Lastly, the amount reported for obligations on the Performance Data Form did not reconcile to the amounts reported on both the Carryover and Reallotment and the SF-425 reports. The Department reported $99,468,214 in total obligations on the Performance Data Form and $101,962,464 on the Carryover and Reallotment and SF-425 reports for a difference of $2,494,250.
Annual Report on Households Assisted by LIHEAP
• Ten of 14 (71%) fields we examined were inaccurate.
• The differences in the amounts reported and data from the LIHEAP database were between 6322 households underreported to 35 households overreported.
Quarterly Performance and Management Report
• Sections 1, Total Households Assisted and 2, Performance Management:
o For 2023 Q3 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between 103 to 3924 households underreported.
o For 2023 Q4 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between one to 451 households underreported.
• Section 3, Estimated Uses of Funds:
o For the 2023 Q3 & Q4 reports there was a difference of -$7,286,259 in the reported amount of funds obligated with the amount in documentation provided.
o For the 2024 Q1 & Q2 reports there was a difference of -$8,528,492 in the reported amount of funds obligated with the amount in documentation provided.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
For all three reports, there were errors in the logic used to pull data from the LIHEAP Database that caused sections of these reports to contain inaccurate data. The Department did not detect these errors before the audit. In addition, management did not ensure they properly reviewed and approved these reports before the Department submitted them.
In response to the prior year finding, the Department began to retain source documentation used at the time of completing these reports. However, for the Quarterly Performance Management Report, the Department had already completed two of the quarterly reports before implementing this new process. Therefore, current data from the LIHEAP database was used to test these two quarters and since this is real-time data that can change over time without the ability to track changes, the data used to verify the reported amounts has changed since the time of report submission.
Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not establishing proper logic to pull data from the LIHEAP database, the Department cannot ensure the amounts reported to the federal grantor were complete and accurate.
Additionally, by not retaining supporting documentation and source data for the Quarterly Performance Management Report, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Finally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Establish effective internal controls to ensure that the LIHEAP Database reports are accurate and complete
• Ensure management reviews reports before submission
• Ensure it retains supporting documentation and real-time data used to prepare the reports
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
We concur with the audit finding and are committed to implementing corrective actions to address the identified discrepancies. Program staff will work with the Financial Services Division (FSD) staff to enhance internal controls and ensure accurate reporting by requiring that all sections completed by budget staff be reviewed and approved by the Budget Manager for completeness and accuracy prior to submission to the program for entry into the Federal Reporting System. Additionally, budget and accounting staff and managers will ensure Module 1 of the LIHEAP Performance Data Form reconciles to the amounts reported on both the Carryover and Reallotment, and the SF-425 reports to prevent reporting inconsistencies.
As a result of the deficiencies identified, information technology (IT) staff conducted a thorough review of the LIHEAP Admin Report 706 – LIHEAP AT 2024 HHR Long Form FY 24 and identified errors affecting data accuracy. System updates were implemented to correct these issues and ensure alignment with the federal reporting guidelines. IT staff will continue to monitor and refine data processes to improve accuracy and consistency. These efforts will ensure that LIHEAP reports remain complete, accurate, and compliant with federal reporting requirements.
It is important to note that quarterly reports are point-in-time counts and can change throughout the program year. The inaccuracies in the quarterly reports were due to the omission of LIHEAP Weatherization obligations. Following guidance from the U.S. Department of Health and Human Services program staff will include LIHEAP-Weatherization obligations for all future reporting.
To better explain some of the deficiencies reported, the period of performance audited is the state fiscal year which presents challenges in immediately implementing corrective actions. Each SAO audit covers two overlapping federal award periods which restricts our ability to make required changes until the next program cycle, as contracts and NOFA information are already executed when findings are issued. Despite this, the program is committed to integrating necessary corrections at the start of each new program year to improve the accuracy and completeness of LIHEAP reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2023
• Instructions for the LIHEAP Household Report for FFY 2023 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-054 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program are clearly identified as subawards.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, 2023-056
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85% of LIHEAP funds go to the energy assistance program, with no more than 15% allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. The contract unit creates and maintains contract and subaward templates that programs use to draft contracts and subawards but is not involved in reviewing these subawards for compliance prior to execution. LIHEAP program management prepare and review subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP contained the federal award identification elements. The prior finding number was 2023-056.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP are clearly identified as subawards.
During the audit period, the Department executed 63 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a nonstatistical sampling method to randomly select and examine 12 out of a total population of 63.
We found that seven subawards (58%) for energy assistance did not clearly identify the subaward as such to the subrecipient. On the face sheet of these subawards there are boxes to identify if the agreement is for a subrecipient or contract. For these seven awards, the Department identified it was for a contractor instead of a subrecipient even though the fields on the face sheet use the term “grantee.” In addition, for these seven agreements, the page following the face sheet in the agreement is a sheet titled "Contract Information Sheet." This sheet refers to the subrecipient as a contractor and continues to use the terms contract and contractor throughout the remainder of the agreement.
All seven of the agreements are also titled as “Federal Client Service Contract.” Washington state law has specific guidance and requirements related to client service contracts that are not consistent with requirements for subawards.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The program manager for energy assistance believed these award recipients to be contractors instead of subrecipients. In addition, the contract and subaward templates created by the contract unit at the Department use consistent language throughout, but the program manager edited the templates, resulting in inconsistent language.
Effect of Condition
By not correctly identifying the award as a subaward, the Department cannot ensure the subrecipient will comply with federal subrecipient requirements.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure subawards are clearly identified as such to subrecipients. In addition, we recommend the Department consider incorporating the contracts unit when reviewing draft contracts and subawards.
Department’s Response
The Department acknowledges the SAO finding but clarifies that the terminology used in subawards was not the result of a program manager’s independent modifications, the term “contractor” is included in Department contracts to refer to the entity the Department is contracting with, it was not used to designate the federal recipient type. Department templates used for subrecipient awards have been updated to include a designation of contractor or subrecipient.
For all future contracts, the LIHEAP program will ensure the applicable contract templates are used to include the federal recipient type and all of the requirements for pass through entities.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. …
Title 45 CFR Part 75, section 2, Definitions, state, in part:
These are the definitions for terms used in this part. Different definitions may be found in Federal statutes or regulations that apply more specifically to particular program or activities. These definitions could be supplemented by additional instructional information provided in in governmentwide standard information collections.
Contract means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward (see Subaward).
Contractor means an entity that receives a contract as defined in Contract.
Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass-through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass-through entity considers a contract.
Subrecipient means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 39 Revised Code of Washington, Chapter 39.26, Procurement of Goods and Services, contains guidance on the procurement of goods and services, including for client service contracts.
2024-055 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Low Income Home Energy Assistance program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The subrecipients included on this list are provided to the Internal Control Office by program staff.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the LIHEAP received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit period, the spreadsheet used to monitor compliance with these requirements included seven LIHEAP subrecipients. By reviewing prior year LIHEAP expenditures, we determined there were 33 LIHEAP subrecipients that may have been required to receive a single audit. We requested the Department verify this number, but did not receive a confirmation. As a result, we concluded the Department did not properly track 26 out of these 33 subrecipients to review the subrecipients’ audits for program-funded findings and completion of required management decisions, if applicable.
In addition, we found one subrecipient received a LIHEAP finding requiring a management decision letter. This subrecipient was not tracked on the spreadsheet and no letter was issued by the end of the audit period, 14 months after the report was accepted into the Federal Audit Clearinghouse.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Internal Control Office staff responsible for ensuring compliance received a list of subrecipients from program staff, but did not verify that the list was complete. Therefore, the list provided by program staff was tracked, but not the remaining subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients received single audits when they were required. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to
determine if any additional subrecipients are required to take corrective action to address
audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients
and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address
all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department appreciates the review of the single audit verification process but respectfully disagrees with information reported in the finding. The Internal Controls Office (ICO) implemented strong internal controls in 2022 to monitor and verify single audit reporting. This is supported by fiscal year 2023 opinions issued which found no deficiencies. During the current audit the auditor in charge changed three times leading to issues in understanding of the monitoring process. Additionally, a total of eight subrecipients were selected for testing of management decisions, however, seven of those selected were drawn inaccurately and not applicable for testing at Commerce.
The process to identify, review, verify and document subrecipients who meet the federal single audit reporting requirements in comprehensive but relies on information provided from internal programs. ICO staff generate a Contracts Management System (CMS) report, an Agency Financial Reporting System (AFRS) report to identify federally funded subrecipients then confirm then with program staff. The process largely relies on our program partners to confirm their list of subrecipients.
As referenced in the current year LIHEAP finding for subrecipient monitoring subaward language, most of the subrecipients were identified as contractors who are exempt from federal reporting resulting in the ICO receiving an incomplete list of subrecipients to verify. A total of eight LIHEAP recipients were verified as they received funding and were confirmed as subrecipients of other programs. After receiving the updated list of subrecipients in October 2024, ICO staff verified all but three, of those, two did not meet the reporting threshold and one report we are requesting to obtain from the entity. The Department acknowledges internal controls need to be strengthened in the determination of recipient type.
As a result of staffing shortages, the management decision letter tested was not issued within the six month requirement. We have worked on addressing the staffing shortages and will continue to strengthen controls and compliance when deficiencies are identified.
Auditor’s Remarks
The original testing selections sent to the Department did include seven Department subrecipients that did not have findings related to the LIHEAP program, but these were removed from the testing population once this was identified during the normal audit process and they were not included in our reported results.
We appreciate the Department acknowledges that it did not monitor the single audit requirement for all LIHEAP subrecipients during the audit period and that the only subrecipient with a LIHEAP finding did not receive a management decision letter. We also appreciate the Department’s commitment to strengthening its control processes to ensure it has a full population of subrecipients that are required to be monitored for compliance.
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-049 The Department of Commerce improperly charged $492,317 to earmarking requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WAE5C6; 2101WALIEA
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Earmarking
Known Questioned Cost Amount: $492,317
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia, and territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to meet the following earmark requirements:
• No more than 10% of a state’s LIHEAP funds may be used for planning and administrative costs
• No more than 15% of LIHEAP funds may be used for low-cost residential weatherization or other energy-related home repairs
• No more than 5% of LIHEAP funds may be used to provide services that encourage and enable households to reduce their home energy needs and therefore their need for energy assistance
To ensure the Department meets the earmark requirements, when a new award is received, staff create an allocation model to calculate the maximum allowable earmarking amounts. Each award is given unique project codes in the accounting system to track expenditures against the earmark amounts.
Description of Condition
The Department of Commerce improperly charged $492,317 to earmarking requirements for LIHEAP.
We found the Department had procedures to track earmarking requirements and had adequate internal controls to ensure material compliance.
During fiscal year 2024, there were two awards that were required to meet the earmark limits. We found both awards overspent the 15% weatherization earmark as follows:
• For award 2101WAE5C6, the Department overspent the amount by $287,998.
• For award 2101WALIEA, the Department overspent the amount by $204,319.
The total questioned cost amount is $492,317.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the questioned costs exceeded that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
When completing the allocation model to determine earmarking amounts, the Department initially allocated 15% of the total award funds to weatherization. However, staff allocated additional subrecipient administrative funds to the initial allocated amount, bringing the weatherization total beyond the allowed earmark. Staff identified this error, but the Department had already obligated funds to subrecipients from this allocation and chose not to correct the subaward amounts.
Effect of Condition and Questioned Costs
We identified $492,317 in questioned costs on activities that exceeded the weatherization earmark amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Department consult with the federal grantor to discuss whether it should repay the questioned costs identified in the audit.
Department’s Response
The Department appreciates the detailed audit of the earmarking process in use by the Low Income Home Energy Assistance Program (LIHEAP). Following receipt of the audit recommendations, budget and Internal Controls Office staff reviewed the total expenditures used to calculate the questioned costs and determined the amounts reported were accurate. Program staff will seek guidance from the Department of Health and Human Services (HHS) Office of Community Services (OCS) regarding the questioned costs.
To ensure accuracy and compliance of current and future awards, LIHEAP program staff are currently collaborating with budget staff to work towards alignment between divisions with federal requirements. This includes a thorough review of financial records, detailed reconciliations, and adjustments to budgeting procedures to prevent future occurrences.
Moving forward, the Department will implement enhanced internal controls and monitoring processes to ensure accurate budgeting and reporting of earmarked funds. We are committed to maintaining compliance with federal requirements and demonstrating our accountability in managing public funds.
The Department will provide the results of the consultation of HHS during the next scheduled LIHEAP audit or audit follow-up.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 CFR Part 75.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards establishes definitions for questioned costs. Part 75.410 establishes requirements for the collection of unallowable costs.
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 United States Code, Section 8624(k), Limitations on use of funds; waiver, establishes that no more than 15% may be used by the State for low-cost residential weatherization or other energy-related home repair for low-income households.
2024-050 The Department of Commerce did not have adequate internal controls over and did not comply with period of performance requirements for the Low-Income Home Energy Assistance program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA, 2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $4,409,760
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families (ACF), administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to obligate at least 90% of the LIHEAP block grant funds in the first federal fiscal year in which they are awarded. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report to the grantor the amount it intends to carry over and reallot. The Department may carry over up to 10% of the funds payable for obligation no later than the end of the following federal fiscal year. Funds not obligated by the end of the second fiscal year of the award must be returned to ACF. The limits on the period for the expenditure of funds are communicated to award recipients.
LIHEAP awards typically have a two-year project period when the Department may obligate funds to subrecipients through subawards and incur administrative costs to execute the award. The subawards define the period of performance for subrecipients to spend these funds. Departmental administrative costs are considered obligated when the expenditure activity occurs. As such, the period of performance for administrative costs aligns with the project period start and end date. If the Department requires more than one year from the project period end date to liquidate allowable costs, it is required to notify the Grantor.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for LIHEAP.
Obligations
During state fiscal year 2024, the Department was required to obligate 90% of funds for the federal fiscal year 2023 award. This amount is reported on the Carryover and Reallotment Report. The Department was unable to provide documentation to support the amount of funds it obligated in the first year of the award. This issue is referenced in finding 2024-051.
Expenditures
During state fiscal year 2024, there were five awards with project end dates. We judgmentally selected and examined 21 expenditures charged to these awards. We found:
• Four (19%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Three (14%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these seven expenditures are $1,010,249.
In addition, we analyzed expenditures charged to the awards in the accounting system and identified $1,346,137 of administrative activities that occurred after the period of performance.
Liquidations
There were two awards with liquidation periods ending during state fiscal year 2024. We judgmentally selected and examined eight expenditures the Department charged to grants that were liquidating funds during the audit period. We found:
• Three (38%) expenditures for which the Department did not provide any documentation to support that the cost occurred during the period of performance
• Two (25%) expenditures for which the documentation the Department provided did not support that the costs occurred during the period of performance
The total costs associated with these five expenditures are $1,916,227
In addition, we analyzed expenditures charged to the awards and identified $137,148 of administrative activities that occurred after the period of performance.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department misinterpreted the federal regulations, which led management to believe it was compliant with period of performance requirements.
Further, the Department did not provide us with all the documentation to demonstrate that the Department incurred the charges we examined during the period of performance.
Effect of Condition and Questioned Costs
Without establishing adequate internal controls, the Department cannot reasonably ensure it uses federal funds within the period of performance.
We identified $1,483,285 in known questioned costs for expenditures that occurred outside of the period of performance. We also identified $2,926,476 in known questioned costs for expenditures that did not have adequate support to determine if they were within the period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure it complies with period of performance requirements
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department agrees with the internal control weaknesses identified in the report. However, for the contract periods included in this audit we were operating off of guidance received by the United State Department of Health and Human Services (HHS) in 2022. Directly following notification of this deficiency for this audit, we reached out to HHS to clarify the closeout year requirements. In December 2024 we received updated guidance on how to apply the closeout year to current awards.
Beginning with the 2024 program year (October 1, 2023), all subrecipient contracts were issued with a two-year period of performance, which will eliminate new expenses being added to the closeout year. This ensures that all LIHEAP awards will be managed within a consistent two-year period of performance, which aligns with the updated HHS guidance. All future LIHEAP awards will follow the same period of performance principle.
The Department will engage with the HHS to determine the appropriate next steps on how to handle the questioned costs.
The Department is committed to addressing the internal control weaknesses identified in the audit and will continue to strengthen its processes to ensure ongoing compliance with period of performance requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Title 45 CFR Part 96, section 81, Carryover and reallotment, establishes the procedures relating to carryover and reallotment of regular LIHEAP block grant funds
ACF Supplemental Terms and Conditions, LIHEAP, effective October 1, 2021, states in part:
9. Obligation Deadline:
a. The two-year funding (project) period for this award is concurrent with the obligation period: from the first day of the FFY for which these funds were awarded through the last day of the following FFY. (i.e., October 1, FFY 1 through September 30, FFY 2.) A maximum of 10 percent of the federal funds awarded under this grant may be held available for obligation in the FFY 2 of the project period. If more than 10 percent of a recipient's federal funds remains unobligated at the end of the FFY in which they were allotted, those excess funds must be returned to HHS and are subject to reallotment among all recipients in the next fiscal year. Any federal funds not obligated by the end of the two-year obligation period will be recouped by the Department.
b. Federal funds awarded under this grant must be expended for the purposes for which they were awarded and in payment for obligations made within the time period allotted.
10. Liquidation:
All properly obligated federal funds awarded under this grant must be liquidated in accordance with the recipient’s own fiscal control and funds control procedures. If the recipient requires more than 1 year from the project period end date to liquidate allowable costs, it shall notify the Grants Management Officer identified on its latest Notice of Award. The notification shall include the reason for the delay and the anticipated timeframe for liquidation. Any federal funds from this award not liquidated by the date required under the recipient’s own fiscal control procedures, which may not exceed five years following the fiscal year of award, will be recouped by this Department.
ACF-OCS-LIHEAP-IM-2024-04 LIHEAP Obligations, Expenditures, and Refunds, states in part:
Federal appropriations accounting law at 31 U.S.C. § 1502(a) states that the balance of an appropriation or fund limited for obligation to a definite period is available only for payment of expenses properly incurred during the period of availability or to complete contracts properly made within that period of availability. Grant recipients may not incur new expenditures beyond the period of performance unless necessary to liquidate obligations made during the period of performance under active agreements or subawards with partnering agencies. Grant recipients must liquidate obligations according to the same rules, including the timeframe, required of its own non-federal funding.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-051 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2301WALIEA; 2301WALIEE; 2301WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The LIHEAP Carryover and Reallotment Report is used to indicate the amount expected to be carried forward for obligation in the following fiscal year and the planned use of those funds. The federal grantor specified there were two key lines items on the report that contained critical information: the carryover amount and the reallotment amount
In the first federal fiscal year after a grant is awarded, the Department must obligate at least 90% of the LIHEAP block grant funds. If funds are left over after the end of the first federal fiscal year, the Department must either return those funds or report the amount it intends to carry over and reallot. The Department must submit this report by August 1, indicating the amount it expects to carry forward for obligation in the following fiscal year and its planned use of those funds.
To complete this report, the Department’s budget unit staff is responsible for reviewing the support and compiling the reported amounts. They are also responsible for completing, reviewing, and approving the report. Program staff are responsible for submitting the report.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP.
The Department reported that there were no funds for reallotment and there was $6,033,389 for carryover from the fiscal year 2023 award. The Department created a spreadsheet with manual inputs to calculate the carryover amount. However, the Department was unable to provide the source documentation to support the amounts on the spreadsheet. As a result, the Department was unable to demonstrate that this reported amount was accurate.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department stated they experienced turnover with key staff responsible for preparing the report. Specifically, the budget staff who had prepared the report in past years left the Department. Instead of budget staff preparing and submitting the report, the program manager, who is not normally involved in this process, was tasked with completing and submitting this report without adequate guidance or oversight by management. The Department stated the staffing changes, combined with duties not being assigned, led to process changes from previous years which resulted in the deficiencies identified.
The Department also did not have written policies or procedures on how to prepare, review and submit this report.
Effect of Condition
Since the Department did not retain supporting documentation and source data for the reports, we were unable to verify whether the amounts the Department reported to the federal grantor were accurate.
Additionally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the report is accurate
• Ensure management reviews reports before submission
• Establish written policies and procedures on how to complete the report
• Retain adequate supporting documentation for the report
• Consult with the federal grantor to determine if it should revise and resubmit the report
Department’s Response
The Department agrees with this finding, and is taking the following actions in response:
• Developing procedural documents that articulate roles and responsibilities, and documentation retention requirements.
• Escalation processes that support resolution of any discrepancies in data.
• Implementing a recurring reconciliation processes to find and adjust errors as necessary.
• Updating agency policy to reflect uniform standards that are consistent with a singular interpretation of federal guidance.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-052 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it executed the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
The Department has two units – energy assistance and weatherization – that administer two different program activities. Each unit is responsible for complying with this reporting requirement and have similar processes for completing the reports. When a new or amended subaward is executed, program staff enter its information into the Department’s Contract Management System (CMS). Program staff use the information in the CMS to complete the report. There were a total of 115 awards and amendments that the Department was required to report in fiscal year 2024, totaling $102,300,556.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act.
During the audit period, the Department was required to report 115 new and amended subawards totaling about $102 million in program funds. We used a nonstatistical sampling method to randomly select and examine 17 out of the total population of 115 subawards. We found that:
• The Department did not report three out of 17 (18%) subawards in FSRS. The Department asserted it submitted the subawards included in one Federal Funding Accountability and Transparency Act report, but did not retain a copy of the report and was unable to retrieve it from FSRS. We attempted to locate these three subawards at USAspending.gov to verify submission but were unable to do so.
• One out of 17 (6%) subawards reported an incorrect subaward amount
• Two out of 17 (12%) subawards reported the incorrect subrecipient name and unique entity identifier
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have adequate processes in place to ensure it reported the correct information and retained documentation for audit purposes.
For the three subawards not retained, Department management said another staff member submitted this report instead of the program manager. This person no longer works at the Department and the program manager does not have access to their FSRS account.
For the three subawards with incorrect information, internal controls were insufficient to ensure the Department correctly entered the information into the CMS.
Effect of Condition
Failing to properly submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it accurately reports all first-tier subawards of $30,000 or more in FSRS by the federal deadlines
• Ensure it retains copies of completed reports after submitting
• Ensure it correctly enters subaward details into the CMS
Department’s Response
Commerce concurs with the finding and will work with budget staff to ensure that Notice of Funding Available (NOFA) information is entered into CMS accurately when it is received.
Program staff enter dollar amounts for contracts and amendments into CMS and budget staff enter the Federal Awards information from the NOFA into CMS. Department staff will look into this process and evaluate updating the data entry process to eliminate the possibility of errors in the entry process.
The FFATA Sub Reporting System (FSRS) does not allow users to review reports that were submitted by other users without the request of account migration. The reports could not be provided due to this restriction of the system. The FSRS system is currently being removed and updated to a different site. In the meantime, Department staff will request account migration of previous users to gain access to previously submitted reports.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.
3. What to report. You must report the information about each obligatory action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-053 The Department of Commerce did not have adequate internal controls over and did not comply with reporting requirements for the Low-Income Home Energy Assistance Program.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6,2101WALWC6, 2101WALWC5, 2201WALIEI,2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Finding 2023-055
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department is required to collect and report program information through various reports.
LIHEAP Performance Data Form
The LIHEAP Performance Data Form has two modules. Module 1 is the Grant Recipient Survey that collects and reports data on sources and uses of LIHEAP funds. Module 2 is the performance measures used to report data on energy burden targeting and reduction, as well as the continuity of home energy services. The Grant Recipient Survey obligation amounts should be compared with the Carryover and Reallotment and SF-425 reports. This reconciliation is needed to ensure the obligated balances for the program year being tested are accurate.
The key line items include:
• “Uses of Funds” represent a state’s obligation of federal LIHEAP funds, not expenditure of federal LIHEAP funds. In some cases, obligated funds are not actually expended until after the end of the federal fiscal year.
• The total “Uses of Funds” (shown in Item 45 of Section IV) should equal the total “Sources of Funds” (shown in Item 16 of Section III).
• “Other LIHEAP assistance” would include federal LIHEAP funds used to provide “other crisis assistance,” such as furnace or air conditioner repairs or replacements.
Annual Report on Households Assisted by LIHEAP
The Annual Report on Households is used to report data on the number, income levels and demographic information on both households assisted and households applying for assistance.
Both reports are required to separate the data by regular LIHEAP funding and additional LIHEAP funding under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the American Rescue Plan Act of 2021 (ARPA).
Quarterly Performance and Management Report
The Quarterly Performance and Management Report requires the Department to report aggregated data on total households assisted, performance management metrics and estimated uses of LIHEAP funds, along with some narrative information about program implementation and support.
The Department maintains a LIHEAP database that stores recipient information used to complete many sections of these reports. Department staff rely on reports with preset criteria from this database to pull necessary information.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for LIHEAP. The prior finding numbers were 2023-055, 2022-039 and 2021-032.
Description of Condition
The Department did not have adequate internal controls over and did not comply with the reporting requirements for LIHEAP.
To ensure the data pulled from the LIHEAP database is accurate and complete, we reviewed the stored procedures for generating the reports. We found that there were errors in the logic that caused these reports to not capture the correct program data that should have been reported to the federal grantor.
We reviewed the LIHEAP Performance Data Form and Annual Report on Households Assisted for the federal fiscal year ending September 30, 2023. In addition, we reviewed the four Quarterly Performance and Management Reports that the Department submitted during the audit period. We examined each report and attempted to recalculate the information reported using the supporting documentation used to prepare the reports and data from the LIHEAP database.
We identified the following discrepancies:
LIHEAP Performance Data Form
In Module 1 Estimated Uses of LIHEAP Funds, 15 of the 21 fields had discrepancies:
• Eight of 21 (38%) fields were inaccurate. The range of variance on what was reported and what was supported was between -$5,699,151 and $96,661.
• The Department was unable to provide support for seven of 21 (33%) fields
Furthermore, we found a discrepancy of $1,945,675 between the total source of funds in section III and the total use of funds in section IV where these amounts should match.
Lastly, the amount reported for obligations on the Performance Data Form did not reconcile to the amounts reported on both the Carryover and Reallotment and the SF-425 reports. The Department reported $99,468,214 in total obligations on the Performance Data Form and $101,962,464 on the Carryover and Reallotment and SF-425 reports for a difference of $2,494,250.
Annual Report on Households Assisted by LIHEAP
• Ten of 14 (71%) fields we examined were inaccurate.
• The differences in the amounts reported and data from the LIHEAP database were between 6322 households underreported to 35 households overreported.
Quarterly Performance and Management Report
• Sections 1, Total Households Assisted and 2, Performance Management:
o For 2023 Q3 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between 103 to 3924 households underreported.
o For 2023 Q4 we determined that three out of three (100%) fields were inaccurate.
The difference between values reported and data provided were between one to 451 households underreported.
• Section 3, Estimated Uses of Funds:
o For the 2023 Q3 & Q4 reports there was a difference of -$7,286,259 in the reported amount of funds obligated with the amount in documentation provided.
o For the 2024 Q1 & Q2 reports there was a difference of -$8,528,492 in the reported amount of funds obligated with the amount in documentation provided.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
For all three reports, there were errors in the logic used to pull data from the LIHEAP Database that caused sections of these reports to contain inaccurate data. The Department did not detect these errors before the audit. In addition, management did not ensure they properly reviewed and approved these reports before the Department submitted them.
In response to the prior year finding, the Department began to retain source documentation used at the time of completing these reports. However, for the Quarterly Performance Management Report, the Department had already completed two of the quarterly reports before implementing this new process. Therefore, current data from the LIHEAP database was used to test these two quarters and since this is real-time data that can change over time without the ability to track changes, the data used to verify the reported amounts has changed since the time of report submission.
Department officials also said the agency is understaffed and experienced turnover among key personnel, including management, who are involved in preparing and submitting the reports.
Effect of Condition
By not establishing proper logic to pull data from the LIHEAP database, the Department cannot ensure the amounts reported to the federal grantor were complete and accurate.
Additionally, by not retaining supporting documentation and source data for the Quarterly Performance Management Report, management was unable to demonstrate the amounts the Department reported to the federal grantor were complete and accurate.
Finally, the terms and conditions of the federal award allow the grantor to penalize the Department for noncompliance with reporting requirements by suspending or terminating the award, or withholding future awards, should it choose to do so.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure the reports are accurate and complete
• Establish effective internal controls to ensure that the LIHEAP Database reports are accurate and complete
• Ensure management reviews reports before submission
• Ensure it retains supporting documentation and real-time data used to prepare the reports
• Ensure all amounts reported align with reporting requirements and methodologies
• Consult with the federal grantor to determine if revision and resubmission of the reports are necessary to correct amounts reported
Department’s Response
We concur with the audit finding and are committed to implementing corrective actions to address the identified discrepancies. Program staff will work with the Financial Services Division (FSD) staff to enhance internal controls and ensure accurate reporting by requiring that all sections completed by budget staff be reviewed and approved by the Budget Manager for completeness and accuracy prior to submission to the program for entry into the Federal Reporting System. Additionally, budget and accounting staff and managers will ensure Module 1 of the LIHEAP Performance Data Form reconciles to the amounts reported on both the Carryover and Reallotment, and the SF-425 reports to prevent reporting inconsistencies.
As a result of the deficiencies identified, information technology (IT) staff conducted a thorough review of the LIHEAP Admin Report 706 – LIHEAP AT 2024 HHR Long Form FY 24 and identified errors affecting data accuracy. System updates were implemented to correct these issues and ensure alignment with the federal reporting guidelines. IT staff will continue to monitor and refine data processes to improve accuracy and consistency. These efforts will ensure that LIHEAP reports remain complete, accurate, and compliant with federal reporting requirements.
It is important to note that quarterly reports are point-in-time counts and can change throughout the program year. The inaccuracies in the quarterly reports were due to the omission of LIHEAP Weatherization obligations. Following guidance from the U.S. Department of Health and Human Services program staff will include LIHEAP-Weatherization obligations for all future reporting.
To better explain some of the deficiencies reported, the period of performance audited is the state fiscal year which presents challenges in immediately implementing corrective actions. Each SAO audit covers two overlapping federal award periods which restricts our ability to make required changes until the next program cycle, as contracts and NOFA information are already executed when findings are issued. Despite this, the program is committed to integrating necessary corrections at the start of each new program year to improve the accuracy and completeness of LIHEAP reporting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart 342, Monitoring and reporting program performance, states in part:
b. Non-construction performance reports. The HHS awarding agency must use standard, OMB-approved data elements for collection of performance information (including performance progress reports, Research Performance Progress Report, or such future collections as may be approved by OMB and listed on the OMB Web site).
1. The non-Federal entity must submit performance reports at the interval required by the HHS awarding agency or pass-through entity to best inform improvements in program outcomes and productivity. Intervals must be no less frequent than annually nor more frequent than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes. Annual reports must be due 90 calendar days after the reporting period; quarterly or semiannual reports must be due 30 calendar days after the reporting period. Alternatively, the HHS awarding agency or pass-through entity may require annual reports before the anniversary dates of multiple year Federal awards. The final performance report will be due 90 calendar days after the period of performance end date. If a justified request is submitted by a non-Federal entity, the HHS awarding agency may extend the due date for any performance report.
Title 45 CFR Part 96, Subpart 82, Required report on households assisted, states in part:
a. Each grantee which is a State or an insular area which receives an annual allotment of at least $200,000 shall submit to the Department, as part of its LIHEAP grant application, the data required by section 2605(c)(1)(G) of Public Law 97-35 (42 U.S.C. 8624(c)(1)(G)) for the 12-month period corresponding to the Federal fiscal year (October 1 – September 30) preceding the fiscal year for which funds are requested. The data shall be reported separately for LIHEAP heating, cooling, crisis, and weatherization assistance.
Office of Management and Budget, 2024 Compliance Supplement, Assistance Listing 93.568 Low-Income Home Energy Assistance Program, describes the compliance requirements for special and performance reporting.
The U.S. Department of Health and Human Services, Division of Energy Assistance, Office of Community Services, Administration of Children and Families, provides the following reporting instructions:
• Instructions for the LIHEAP Performance Data Form for FFY 2023
• Instructions for the LIHEAP Household Report for FFY 2023 – Long Form
• Instructions for Completion of the Quarterly Performance and Management Report for the Low-Income Home Energy Assistance Program
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-054 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for the Low-Income Home Energy Assistance Program are clearly identified as subawards.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, 2023-056
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. During the audit period, the energy assistance program allocated funds to 26 subrecipients to assist low-income households with their energy costs, and the weatherization program allocated funds to 24 subrecipients for construction projects to increase the energy efficiency of homes and apartments. About 85% of LIHEAP funds go to the energy assistance program, with no more than 15% allocated for weatherization activities. Each program makes separate subawards to subrecipients.
Federal regulations require pass-through entities to ensure that every subaward is clearly identified to a subrecipient as a subaward, and that it includes 14 federal award identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number, name of the federal awarding agency, the program’s Assistance Listing Number and title, and more. The contract unit creates and maintains contract and subaward templates that programs use to draft contracts and subawards but is not involved in reviewing these subawards for compliance prior to execution. LIHEAP program management prepare and review subawards prior to execution to ensure all elements are included in the subaward.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP contained the federal award identification elements. The prior finding number was 2023-056.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subawards for LIHEAP are clearly identified as subawards.
During the audit period, the Department executed 63 LIHEAP subawards for the energy assistance and weatherization programs. The Department uses the same process for these two programs to ensure the 14 federal award identification elements are included in the subawards. We used a nonstatistical sampling method to randomly select and examine 12 out of a total population of 63.
We found that seven subawards (58%) for energy assistance did not clearly identify the subaward as such to the subrecipient. On the face sheet of these subawards there are boxes to identify if the agreement is for a subrecipient or contract. For these seven awards, the Department identified it was for a contractor instead of a subrecipient even though the fields on the face sheet use the term “grantee.” In addition, for these seven agreements, the page following the face sheet in the agreement is a sheet titled "Contract Information Sheet." This sheet refers to the subrecipient as a contractor and continues to use the terms contract and contractor throughout the remainder of the agreement.
All seven of the agreements are also titled as “Federal Client Service Contract.” Washington state law has specific guidance and requirements related to client service contracts that are not consistent with requirements for subawards.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The program manager for energy assistance believed these award recipients to be contractors instead of subrecipients. In addition, the contract and subaward templates created by the contract unit at the Department use consistent language throughout, but the program manager edited the templates, resulting in inconsistent language.
Effect of Condition
By not correctly identifying the award as a subaward, the Department cannot ensure the subrecipient will comply with federal subrecipient requirements.
Recommendation
We recommend the Department establish policies and procedures and provide training for staff to ensure subawards are clearly identified as such to subrecipients. In addition, we recommend the Department consider incorporating the contracts unit when reviewing draft contracts and subawards.
Department’s Response
The Department acknowledges the SAO finding but clarifies that the terminology used in subawards was not the result of a program manager’s independent modifications, the term “contractor” is included in Department contracts to refer to the entity the Department is contracting with, it was not used to designate the federal recipient type. Department templates used for subrecipient awards have been updated to include a designation of contractor or subrecipient.
For all future contracts, the LIHEAP program will ensure the applicable contract templates are used to include the federal recipient type and all of the requirements for pass through entities.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. …
Title 45 CFR Part 75, section 2, Definitions, state, in part:
These are the definitions for terms used in this part. Different definitions may be found in Federal statutes or regulations that apply more specifically to particular program or activities. These definitions could be supplemented by additional instructional information provided in in governmentwide standard information collections.
Contract means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward (see Subaward).
Contractor means an entity that receives a contract as defined in Contract.
Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass-through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass-through entity considers a contract.
Subrecipient means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 39 Revised Code of Washington, Chapter 39.26, Procurement of Goods and Services, contains guidance on the procurement of goods and services, including for client service contracts.
2024-055 The Department of Commerce did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Low Income Home Energy Assistance program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.568 Low-Income Home Energy Assistance Program
93.568 COVID-19 Low-Income Home Energy Assistance Program
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 2101WALIEA,2101WAE5C6, 2101WALWC6, 2101WALWC5, 2201WALIEI, 2201WALIEA, 2201WALIE4, 2301WALIEA, 2301WALIEE, 2301WALIEI, 2401WALIEA, 2401WALIEI
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The U.S. Department of Health and Human Services, through the Office of Community Services at the Administration for Children and Families, administers the Low-Income Home Energy Assistance Program (LIHEAP). The agency distributes LIHEAP block grant funds by formula to states, the District of Columbia and U.S. territories.
In Washington, the Department of Commerce administers LIHEAP, which provides financial assistance to low-income households to meet their home energy needs. The Department administers and awards LIHEAP funds under two programs: the energy assistance program and the weatherization program. Subawards are issued to community-based organizations to provide this assistance. In fiscal year 2024, the Department spent more than $96 million in federal funds, about $89.5 million of which it paid to subrecipients.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more on federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Department must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Internal Control Office uses an Excel workbook to track subrecipients’ single audits along with identifying any program-funded findings. The subrecipients included on this list are provided to the Internal Control Office by program staff.
Federal regulations also require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the LIHEAP received required single audits, and that it appropriately followed up on findings and issued management decisions.
During the audit period, the spreadsheet used to monitor compliance with these requirements included seven LIHEAP subrecipients. By reviewing prior year LIHEAP expenditures, we determined there were 33 LIHEAP subrecipients that may have been required to receive a single audit. We requested the Department verify this number, but did not receive a confirmation. As a result, we concluded the Department did not properly track 26 out of these 33 subrecipients to review the subrecipients’ audits for program-funded findings and completion of required management decisions, if applicable.
In addition, we found one subrecipient received a LIHEAP finding requiring a management decision letter. This subrecipient was not tracked on the spreadsheet and no letter was issued by the end of the audit period, 14 months after the report was accepted into the Federal Audit Clearinghouse.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Internal Control Office staff responsible for ensuring compliance received a list of subrecipients from program staff, but did not verify that the list was complete. Therefore, the list provided by program staff was tracked, but not the remaining subrecipients.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients received single audits when they were required. Further, the Department cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness when required, the Department cannot determine whether its subrecipients have sufficiently corrected issues identified in audit findings.
Recommendations
We recommend the Department:
• Monitor subrecipients to ensure all required audit reports are submitted and reviewed to
determine if any additional subrecipients are required to take corrective action to address
audit recommendations
• Establish effective internal controls to ensure it reviews audit reports for its subrecipients
and issues written management decisions, as required
• Ensure subrecipients develop and take acceptable corrective actions to adequately address
all audit recommendations
• Issue a written management decision for all applicable audit findings, if necessary
Department’s Response
The Department appreciates the review of the single audit verification process but respectfully disagrees with information reported in the finding. The Internal Controls Office (ICO) implemented strong internal controls in 2022 to monitor and verify single audit reporting. This is supported by fiscal year 2023 opinions issued which found no deficiencies. During the current audit the auditor in charge changed three times leading to issues in understanding of the monitoring process. Additionally, a total of eight subrecipients were selected for testing of management decisions, however, seven of those selected were drawn inaccurately and not applicable for testing at Commerce.
The process to identify, review, verify and document subrecipients who meet the federal single audit reporting requirements in comprehensive but relies on information provided from internal programs. ICO staff generate a Contracts Management System (CMS) report, an Agency Financial Reporting System (AFRS) report to identify federally funded subrecipients then confirm then with program staff. The process largely relies on our program partners to confirm their list of subrecipients.
As referenced in the current year LIHEAP finding for subrecipient monitoring subaward language, most of the subrecipients were identified as contractors who are exempt from federal reporting resulting in the ICO receiving an incomplete list of subrecipients to verify. A total of eight LIHEAP recipients were verified as they received funding and were confirmed as subrecipients of other programs. After receiving the updated list of subrecipients in October 2024, ICO staff verified all but three, of those, two did not meet the reporting threshold and one report we are requesting to obtain from the entity. The Department acknowledges internal controls need to be strengthened in the determination of recipient type.
As a result of staffing shortages, the management decision letter tested was not issued within the six month requirement. We have worked on addressing the staffing shortages and will continue to strengthen controls and compliance when deficiencies are identified.
Auditor’s Remarks
The original testing selections sent to the Department did include seven Department subrecipients that did not have findings related to the LIHEAP program, but these were removed from the testing population once this was identified during the normal audit process and they were not included in our reported results.
We appreciate the Department acknowledges that it did not monitor the single audit requirement for all LIHEAP subrecipients during the audit period and that the only subrecipient with a LIHEAP finding did not receive a management decision letter. We also appreciate the Department’s commitment to strengthening its control processes to ensure it has a full population of subrecipients that are required to be monitored for compliance.
We reaffirm our finding and will review the status of the Office’s corrective action during the next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, states, in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-066 The Department of Children, Youth, and Families did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: $6,000
Prior Year Audit Finding: Yes, Finding 2023-066
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.8 million for travel and family visits.
Parent-child visits are a key strategy for minimizing a child’s time in out-of-home care and working toward family reunification. The Department creates a visit plan based on dependency court order visit requirements and other information to ensure the child’s safety. This visit plan is created and saved in a system called FamLink.
When the Department needs contracted family time services, it sends a visit plan/referral through a FamLink-Sprout interface. Visit coordinators send this referral to the most appropriate contracted service provider through the Sprout system. These referrals authorize the contracted provider to provide the needed services. After the visit, contracted service providers complete visit reports, which include travel mileage and travel time. Based on these reports and information the contractor enters into the Sprout system, the system creates an invoice containing billable services and rates. To catch errors and ensure quality assurance, Sprout reports and invoices are reviewed and approved by the contracted service provider administrator or manager. The Department pays the provider solely based on the summary-level information entered into Sprout.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure payments to providers for family visits were allowable and adequately supported for the Foster Care program. The prior finding numbers were 2023-066, 2022-048 and 2021-040.
Description of Condition
The Department did not have adequate internal controls to ensure payments to providers for travel and family visits were allowable and adequately supported for the Foster Care program.
We used a statistical sampling method to randomly select and examine 58 out of 1,084 foster care payments for travel and family time visits. Of the payments examined, we identified four payments costing $6,000 that lacked adequate documentation to support the amount of travel and family time visits being reimbursed.
We also found the Department did not follow its procedures for performing fiscal monitoring of contracted service providers to ensure federally funded payments for travel and family visits were adequately supported and only for allowable activities.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition and Questioned Costs
By not performing adequate fiscal monitoring, the Department cannot ensure payments for travel and family visits are allowable and adequately supported. We are questioning the $6,000 in unsupported payments and estimate likely questioned costs to be $20,277.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(a)(3). To ensure a representative sample, we stratified the population by dollar amount.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Follow its fiscal monitoring procedures to ensure payments to providers for travel and family visits are allowable and adequately supported
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
In response to the prior year’s audit, the Contracts Compliance Team, hired two new staff in the last half of calendar year 2023 dedicated to reviewing all regional child welfare client service contracts including family time visit payments. The Contracts Compliance Team developed compliance audit plans for child welfare contracts and began reviews of family time visit payments in November 2023. Due to staff resources and the number of contracts, the on-site compliance visits were completed for 44 of the 52 family time contracts in the past two fiscal years. On-site compliance visits are performed on a four year cycle and the Department strives to have all contracts reviewed in state fiscal year 2025.
The Department implemented a new process for creating Sprout invoices from family time activity data during the prior audit period. This process included utilizing algorithms to identify reimbursement outside of reasonable amounts, requiring providers to submit additional documentation or explanation for flagged invoices, and implementing a re-run process to identify duplicate billings. The Department also implemented additional review and approvals by program staff for the Network Administrator in Eastern Washington for invoices prior to release of payment.
Between January and March 2024, the Department identified and implemented regional program approvals for Western Washington providers and implement fiscal monitoring controls to ensure payments to providers for travel and family visits are allowable and adequately supported. The Department experienced errors from new staff during the roll-out phases and as part of the Plan, Do, Check, Act (continuous quality improvement process) additional steps were added to the process to ensure payments were accurate. The Department will continue to strengthen internal controls around the review and payment for family time activities and invoices.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-067 The Department of Children, Youth, and Families did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-067
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $12.9 million for foster care maintenance payments to family foster homes.
These monthly maintenance payments help licensed caregivers (foster parents and licensed kinship caregivers) meet the needs of children and youth experiencing foster care. The Department’s Federal Funding Unit manages each of its Title IV-E foster care cases. Title IV-E Specialists are stationed throughout the state and screen all new foster care cases for Title IV-E Eligibility.
When children or youth are placed in foster care homes, specialists gather information from a variety of sources to determine the support level of the child or youth. To ensure maintenance payments are accurate and allowable, the specialists enter the data gathered into the Foster Care Rate Assessment tool, which calculates the appropriate reimbursement rate to meet a child’s needs. Prior to payment, a supervisor reviews the rate in a system called FamLink. These reimbursement rates must be reassessed every six months.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program. The prior finding number was 2023-067.
Description of Condition
The Department did not have adequate internal controls to ensure monthly foster care maintenance payments to children’s caregivers were adequate and accurate for the Foster Care program.
We used a statistical sampling method to randomly select and examine 59 foster care maintenance payments out of a total population of 29,392 made during the audit period to ensure that the payments are allowable and accurate. We found that the Department did not perform six-month reviews of the reimbursement rates for two payments. This prevented the Department from ensuring it can provide accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior audit finding, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not implement some internal control improvements until June 2024.
Effect of Condition
By not performing six-month reviews of all reimbursement rates, the Department cannot ensure it provided accurate monthly maintenance payments to help caregivers meet the needs of every child or youth in foster care.
Recommendation
We recommend the Department establish adequate internal controls to ensure it performs all six-month reviews of caregivers’ reimbursement rates for the Foster Care program.
Department’s Response
As stated in the Cause of Condition, the Department did not fully implement the corrective action plan during the audit period. Due to the timing and frequency of the statewide single audits, the Department is not made aware of a finding until months after the state fiscal year (SFY) concludes. It is not always feasible to correct audit issues before a new audit cycle begins. Thereby, the previous year’s audit issues will remain outstanding up to nine months of the current audit period. For this reason, the Department anticipates receiving repeat findings for consecutive years.
To strengthen internal controls and documentation, effective June 2024 and as part of the implementation of the new rate assessment process, the Department took the following actions:
• Published a new report in FamLink to assist rate assessors in identifying:
o Six-month reviews that have not been performed timely.
o Cases with upcoming rate assessments and due dates for reviews.
• Implemented monthly tracking by supervisors to assist with internal controls and compliance.
The new tracking report has been helpful in identifying when cases are coming due, when they are overdue, and when they are missing. However, there were errors in the functionality of the report that were identified during the first sixth months the report was used. These errors led to placement resources specialists and their supervisors not having an accurate tool to appropriately identify all cases in need of a resource level determination. Placement resources specialists struggled to properly utilize the new report and as part of the Plan, Do, Check, Act (CQI process) additional steps were added to the process to assist with ensuring the reports were accurate and additional training was provided to staff to ensure they were supported.
During the audit period, the Department expanded level determinations to include unlicensed kinship caregivers for the purpose of providing support which increased the number of resource level determinations and substantially increased workload for the placement resources specialists. In addition, when reviewing the number of cases that are missing rate assessments, many of the cases are for Tribal Dependent Youth for Tribes that have made the decision to do their own level determinations. Tribes are sovereign nations, and we partner with them in this space. We continue to work with Tribes to help determine the best way to support them in completing timely rate assessments.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 110-50-0490, How often do the foster parent and caseworker meet to complete the rate assessment?, establishes rate assessment requirements for the program.
Washington Administrative Code 110-50-0440, Foster care maintenance payment and standardized assessment tool, establishes rate assessment requirements for the program.
2024-068 The Department of Children, Youth, and Families did not have adequate controls over and did not comply with certain requirements of its Public Assistance Cost Allocation Plan.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-065
Background
As a condition of receiving federal grant funds, the Department of Children, Youth, and Families must submit a Public Assistance Cost Allocation Plan (PACAP) to the U.S. Department of Health and Human Services each state fiscal year. The PACAP describes how the Department is authorized to allocate indirect costs like overhead and general administrative expenses to all funding sources, including federal grants.
The Department uses the Cost Allocation System (CAS), a subsystem of the Agency Financial Reporting System (AFRS), to execute its PACAP. The Department develops appropriate methodologies and updates cost allocation base input tables that contain cost objectives, which automatically distribute the cost of payments to either state, local or federal funding sources. The tables in CAS can be added, deleted, changed or inactivated each calendar month.
As part of its cost allocation process, the Department establishes bases that are used to distribute costs to multiple funding sources. Each base consists of elements that are assigned a percentage that dictates how much of the original payment is allocated to it. For example, a base could be made up of three elements that allocate 35%, 25% and 40%, respectively, that will total 100%. Records of these bases are kept in workbooks that management reviews and approves before they are uploaded or keyed into AFRS for use.
In fiscal year 2024, the Department allocated about $21 million in indirect costs to the Foster Care grant.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls over and did not comply with certain requirements of its PACAP. The prior finding numbers were 2023-065 and 2022-047.
Description of Condition
The Department did not have adequate controls over and did not comply with certain requirements of its PACAP. According to the Department’s PACAP, Base 100, which are charges for administrative costs, should be updated monthly with full-time equivalents disbursed to reflect the work that agency staff have performed. This method allows the Department to allocate administrative charges proportionately to the staffing level required to meet the program’s needs.
We examined five monthly workbooks completed during the audit period. We found the Department did not complete a workbook for one month of the audit period (August 2023).
We consider this internal control deficiency to be a material weakness which led to material noncompliance.
Cause of Condition
Management did not assign sufficient staffing resources to ensure all monthly workbooks were completed in accordance with the Department’s approved PACAP.
Effect of Condition
The Department’s inadequate internal controls affected the accuracy of the indirect costs charged to the Foster Care grant. When workbooks are not updated, the Department increases its risk of undercharging or improperly allocating indirect costs to the Foster Care program.
Recommendation
We recommend the Department strengthen internal controls to ensure that monthly workbooks are properly updated in accordance with the approved PACAP.
Department’s Response
The Department concurs with the finding.
The Department did not have adequate staffing levels to maintain the business processes for one workbook for the Public Assistance Cost Allocation Plan (PACAP) cost base 100 for the administrative charges during the state and federal fiscal year close deadlines. Available staff were focused on grant reconciliations and closing out the prior fiscal year financial transactions. The Department is committed to improving our internal controls and has reviewed the base edit form written procedures with staff and added monthly reminders for the Cost Allocation and Grants Management Unit.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 95, Subpart E – Cost Allocation Plans, section 95.501, Purpose, states:
(a) Preparation, submission, and approval of State agency cost allocation plans for public assistance programs; and
(b) Adherence to approved cost allocation plans in computing claims for Federal financial participation.
Public Assistance Cost Allocation Plan – Appendix 3 Administrative Costs, Base 100, states in part:
FTEs are based on actual months and are reported by funding source. This information is obtained on a monthly basis from the Enterprise Reporting system at DCYF and is used on a rolling period with a one-month lag. For example, the FTEs for July would be used in the September plan.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-069 The Department of Children, Youth, and Families did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302 WAFOST; 2402 WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: $3,493
Prior Year Audit Finding: Yes, Finding 2023-068
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned to home, placed with adoptive families, or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for the adults in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
Individuals
To be eligible to receive foster care benefits a child must meet specific eligibility requirements including the former Aid to Families with Dependent Children (AFDC) criteria. To meet the AFDC criteria, the child must be in need and deprived of parental support or have a principal wage earner parent who is unemployed.
The Department performs reviews of Title IV-E specialists’ cases to verify that all IV-E cases that are worked, are determined properly. During the audit period the Department had two processes. For the first quarter the Department had supervisors review 2 cases for each Title IV-E specialist they supervised. For the remaining three quarters of our audit period the Department had reimplemented their old process of quarterly peer reviews, where the Title IV-E specialist's review other regions Title IV-E Specialists’ cases to verify that specialists are determining eligibility properly.
Background Checks
Prospective foster parents and other out-of-home caregivers, as well as any adults residing in the prospective caregivers’ households must pass the background check. During an emergency situation when a child must be placed in out-of-home care due to the absence of appropriate parents or custodians, the Department shall request a federal name-based criminal history record check of each adult residing in the home of the potential placement resource. Upon receipt of the results the name-based check, the Department shall provide a complete set of each adult resident’s fingerprints to the Washington state patrol for submission to the federal bureau of investigation within 15 calendar days from the date the name search was conducted. The child shall be removed from the home immediately if any adult resident fails to provide fingerprints and written permission to perform a federal criminal history record check when requested.
To ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children the Department verifies that the facility is compliant and that background checks were completed before providing them with a license number.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $163.9 million in federal grant funds. This included about $39.1 million for payments to providers for direct client services, with $1.1 million paid to licensed group care facilities and $16.9 million paid to foster family homes.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls to ensure group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children. The prior finding numbers were 2023-068 and 2022-050.
Description of Condition
The Department did not have adequate internal controls to ensure a child is eligible and group care facility employees and adults residing in prospective caregivers’ households had cleared background checks before having unsupervised access to children.
Individuals
The supervisor and peer reviews were not in place throughout the audit period and were not working as intended. We found the Department did not retain monthly supervisor reviews for the first quarter for two of its six regions. We also found the Department did not perform peer reviews in the second quarter.
We used a statistical sampling method to randomly select and examine 59 out of a total population of 465 children to determine whether they were eligible for the Foster Care program. We found one child who was not eligible, but for whom the Department paid $3,493 in benefits on behalf of using Foster Care program funds.
Background Checks
We used a statistical sampling method to randomly select and examine 57 out of a total population of 1,174 foster home new licenses and relicenses. We found that one foster home operated without a valid license for two months.
In addition, we used a statistical sampling method to randomly select and examine 58 out of a total population of 2,064 employees and household members who required background checks and found:
• Two individuals had background checks that were late with one being nine days after placement and the other being six months late
• Four of the individuals were missing fingerprint background checks
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
Cause of Condition
Individuals
The Department did not include all assets of the family’s resources when calculating the child’s AFDC eligibility resulting in an ineligible client being paid with federal grant funds.
Background Checks
The Department processes over 50,000 background checks annually, with more than 60% processed in an information technology (IT) system that lacks the capability to track an individual’s status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
Additionally, Department management did not monitor to ensure internal controls were sufficient to ensure compliance and that they were being followed.
Effect of Condition and Questioned Costs
Individuals
The Department improperly determined eligibility for one individual leading to known questioned costs of $3,493. We used a nonstatistical sampling method and estimate likely questioned costs to be $33,335.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Background Checks
By not ensuring everyone had cleared background checks before having unsupervised access to children, children may be in unsafe environments that affect their health and safety.
Because this finding reports non-compliance with state law, the Office of Financial Management is required by RCW 43.09.312 (1) to submit the agency’s response and plan for remediation to the Governor, the Joint Legislative Audit and Review Committee, and the relevant fiscal and policy committees of the Senate and House of Representatives.
Recommendations
We recommend the Department:
• Strengthen its internal controls and ensure everyone has cleared background checks before having unsupervised access to children
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Department’s Response
The Department is committed to strengthening internal controls and complying with grant requirements. As to the State Auditor’s Office (SAO) specific findings, the Department concurs and offers the following detail:
Individuals
The Department concurs that eligibility was improperly determined for one individual during the audit period. Upon notification, the Department processed a correction and returned the federal funds to the grantor. In addition, the Department has made updates to the peer review process to ensure that a sample of cases are reviewed quarterly and all documentation for the reviews are properly retained.
Background Checks
The Department concurs that six background checks were not conducted as required. As stated in the Cause of Condition, the current information technology (IT) system lacks the capability to track an individual’s background check status. The inefficient IT system necessitates staff manually documenting information across multiple, non-standardized systems, which can create challenges, particularly given the high turnover among field staff.
To improve compliance, in January 2024, the Department started shifting its practice to conduct National Crime Information Center (NCIC) background checks for more placements, which will help ensure background checks are completed prior to placement. The Department will continue communication and training for staff on this new process and clarify when this process is applicable. The Department appreciates the SAO’s insights and remains committed to strengthening our processes to ensure compliance with all background check requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
RCW 43.43.837, Fingerprint-based checks – Requirements for applicants and service providers – Shared background checks-Fees-Rules to establish financial responsibility
RCW 74.15.110, Renewal of licenses.
Department of Children, Youth, and Families, Policies and Procedures 6800 – Background Checks.
2024-070 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-069
Background
The purpose of the Foster Care program is to provide safe and stable out-of-home care for children under placement and care authority of state welfare agencies. To accomplish this, the Administration for Children and Families (ACF) in the U.S. Department of Health and Human Services (HHS) offers financial support to states to offset the cost of foster care maintenance for eligible children, administrative costs to manage the program, and training for state agency staff, foster parents and qualified private agency staff. As of June 2024, about 8,000 children were in Washington’s foster care system. In fiscal year 2024, the Department spent about $164 million in federal program funds.
Within 30 days after each fiscal quarter, the Department of Children, Youth, and Families is required to file the CB-496: Title IV-E Programs Quarterly Financial Report with HHS. This report identifies the Department’s Foster Care program expenditures, and the number of children it has served. The ACF relies on the information reported to award funds, determine the allowability of the reported expenditures, and provide reports to Congress.
To complete the CB-496, Department management creates a crosswalk by examining the Department’s chart of accounts and expenditure-codes in relation to HHS’s published CB-496 instructions. This ensures that the reports ran will produce the required information for each line of the CB-496.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program. The prior finding numbers were 2023-069 and 2022-051.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements for the Foster Care program.
During our review of all four quarterly crosswalks, we found the Department did not have the correct account coding to report fields correctly. Out of the four quarterly crosswalks, the Department had 126 lines in aggregate, and ten (8%) of the lines were incorrect.
During our review of the four quarterly reports, we found that all of them contained inaccuracies. Of the 161 reported line items we examined, 141 were related to expenditure amounts and the other 20 were related to child counts.
• The Department misreported 16 expenditure line items
o Eight of these lines were misreported, ranging between ($4,389) and $373. Of the eight identified, two lines had incorrect expenditures that reported to the other six lines through subtotals.
o For the remaining eight expenditure line items, we were unable to determine the accuracy of the reported expenditures.
• The Department also misreported eight line items related to child counts
o Six of these were input incorrectly ranging between (28) and ten children.
o For the remaining two line items, we were unable to determine the accuracy of the child count reported.
We consider these internal control deficiencies to be a material weakness which resulted in material noncompliance.
Cause of Condition
When completing the quarterly reports, the Department did not follow HHS’s published instructions. The Department did not create accurate crosswalks to ensure reports were run properly and, although there was an established review process, the reviews performed were insufficient to detect errors in the reports. Management said that due to competing priorities and staffing shortages, the Department had limited capacity to thoroughly review the reports before submitting them to HHS.
Effect of Condition
Because HHS uses these reports to determine award amounts and whether reported expenditures are allowable, it may have relied on inaccurate data to make these determinations for the Department. The grant agreement also allows HHS to take action for the Department’s noncompliance, which can include temporarily withholding funds, wholly or partly suspending or terminating the award, and withholding further program awards.
Recommendation
We recommend the Department:
• Follow HHS’s published instructions when completing the quarterly CB-496 reports
• Strengthen its review processes to ensure the reports are accurate and supported before submitting them to HHS
Department’s Response
During the audit period, the Department acknowledges errors were made in the quarterly reports and crosswalks. The Department concurs with the SAO findings. As to the Auditor’s specific findings, the Department offers the following detail:
Quarterly Crosswalks
The Department concurs that crosswalks were not reflective of the CB-496 instructions by line during the audit period. The crosswalks properly reflected the financial coding to run accurate reports, except for the splitting of administrative costs into separate lines on the report as outlined in the HHS published instructions.
Inaccurate Reports
SAO stated the Department misreported its program expenditures during the audit period. The Department concurs and offers the following:
• The FFY23 Quarter 4 report was overstated by $373.
• The FFY24 Quarter 1 report was understated by $4,389.
• The FFY24 Quarter 2 and FFY24 Quarter 3 report expenditures were accurate, but the data was not split between the correct administrative reporting lines. This error does not have an effect on the overall administrative expenditures reported to HHS.
The Department manages reporting for the Title IV-E program of $164 million per fiscal year. In proportion to the total expenditures reported, the reporting error identified by SAO is .0025%. The Department will submit a correction to the federal partner during the next reporting period and is committed to strengthening our internal review processes to ensure quarterly reports are completed accurately.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 201, Grants to States for Public Assistance Programs, establishes applicable requirements for form and manner of submittal of the estimates for public assistance grants.
Section 201.5 Grants, states in part:
a. Form and manner of submittal.
1. Time and place: The estimates for public assistance grants for each quarterly period must be forwarded to the regional office 45 days prior to the period of the estimate. They include a certification of State funds available and a justification statement in support of the estimates. A statement of quarterly expenditures and any necessary supporting schedules must be forwarded to the Department of Health and Human Services, Family Support Administration, not later than 30 days after the end of the quarter.
2. Description of forms: “State Agency Expenditure Projection – Quarterly Projection by Program” represents the State agency’s estimate of the total amount and the Federal share of expenditures for assistance, services, training, and administration to be made during the quarter for each of the public assistance programs under the Act. From these estimates the State and Federal shares of the total expenditures are computed. The State’s computed share of total estimated expenditures is the amount of State and local funds necessary for the quarter. The federal share is the basis for the funds to be advanced for the quarter. The State agency must also certify, on this form or otherwise, the amount of State funds (exclusive of any balance of advances received from the Federal Government) actually on hand and available for expenditure; this certification must be signed by the executive officer of the State agency submitting the estimate or a person officially designated by him, or by a fiscal officer of the State if required by State law or regulation. (A form “Certificate of Availability of State Funds for Assistance and Administration during Quarter” is available for submitting this information, but its use is optional.) If the amount of State funds (or State and local funds if localities participate in the program), shown as available for expenditures is not sufficient to cover the State’s proportionate share of the amount estimated to be expended, the certification must contain a statement showing the source from which the amount of the deficiency is expected to be derived and the time when this amount is expected to be made available.
3. The State agency must also submit a quarterly statement of expenditures for each of the public assistance programs under the Act. This is an accounting statement of the disposition of the Federal funds granted for past periods and provides the basis for making the adjustments necessary when the State’s estimate for any prior quarter was greater or less than the amount the State actually expended in that quarter. The statement of expenditures also shows the share of the Federal Government in any recoupment, from whatever source, including for title IV-A the appropriate share of child support collections made by the State, of expenditures claimed in a prior period, and also in expenditures not properly subject to Federal financial participation which are acknowledged by the State agency, including the share of the Federal Government for uncashed and cancelled checks as described at 45 CFR 201.67 and replacement checks as described at 45 CFR 201.70 in this part, or which have been revealed in the course of an audit.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-071 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
Assistance Listing Number and Title: 93.658 Foster Care Title IV-E
93.658 COVID-19 – Foster Care Title IV-E
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WAFOST
2402WAFOST
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Payment Rate Setting and Application
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The federal Foster Care Title IV-E program helps states provide safe and stable out-of-home care for children under the jurisdiction of the state’s child welfare agency until they are returned home, placed with adoptive families or placed in other planned, permanent arrangements. The program provides funds to reduce the costs of foster care for eligible children, reduce administrative costs to manage the program, and provide training for adults who are involved in the Foster Care program, including state agency staff, foster parents and certain private agency staff.
In Washington, the Department of Children, Youth, and Families administers the Foster Care program. During fiscal year 2024, the Department spent about $164 million in federal grant funds, including about $15.4 million for foster care maintenance payments.
The Department must establish payment rates for maintenance payments (for example, payments to foster parents, childcare institutions or directly to youth). The Department’s state plan approved by the Administration for Children and Families must provide for periodic review of payment rates for foster care maintenance payments at reasonable, specific, time-limited periods established by the Department to ensure the rate’s continuing appropriateness for the administration of the Title IV-E program. One of seven levels of maintenance payment amounts are assigned to each child based on a variety of factors such as medical needs. Each of the levels includes an overall increase of $342.50 from the previous level. In fiscal year 2024, the Department recalculated its Foster Care maintenance payment rates. The different rate level increases were between $50 and $1,302 per month.
The Department has established rate structures for regular foster care maintenance payments, Behavioral Rehabilitation Service, and administrative service and management fees. The Department performs an economic analysis every four years to determine rates.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure Foster Care Maintenance payment rates were properly calculated.
The Department did not have written policies and procedures to ensure it established maintenance payment rates exclusively for allowable, reasonable and necessary activities. During the audit, we reviewed the rate elements the Department used to determine the final maintenance rates. We identified several elements that, in our judgment, appeared to be unnecessary or unreasonable, including:
• Apps/games/ringtones for handheld devices
• Multiple entertainment and recreation costs such as:
o TV/video/audio
o Satellite dishes
o Exercise equipment and gear/game tables
o Video game software
o Streaming/downloaded audio
o Stamp and coin collecting
o Online gaming services
• Food that did not appear to be suitable for children’s activities such as coffee, soda and other carbonated drinks, and sweets
• Baby food included in the calculation for older children
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department did not have written policies and procedures and had no documentation to demonstrate how each rate element above was reasonable and allowable. In addition, the state plan did not reference any policies, laws or regulations regarding how rates should be calculated; it only referenced a policy stating that rates must be recalculated every four years.
In addition, the Department had a two-year moratorium on policies and procedures for the agency. The Department began working on a policy related to Rates, but this work has been delayed due to staff turnover and available resources.
Effect of Condition
After removing the elements described above, rates for level one payments were roughly $50 less than what the Department determined. The Basic Rate difference was $49.79 for children up to five years old, $50.27 for children aged six to 11 years, and $52.29 for children aged 12 years and older. Additionally, the Department could not support the overall increase of $342.50 for each level.
For levels higher than the basic rate, the Department was unable to support the increases, leading to the Department potentially paying more than allowable.
Recommendation
We recommend the Department develop and implement written policies and procedures for setting payment rates to ensure established foster care maintenance payment rates only include allowable costs.
Department’s Response
The Department concurs that policies and procedures related to rate setting for Foster Care maintenance payment are not currently established. Due to limited staffing resources, in September 2024, the Department submitted a budget request for the 2025 supplemental budget. The request included funding for a contractor to establish a formal governance process, policies and procedures, and create a public rate setting calendar and feedback structure for Department rate setting activities. This budget request was not funded by the Legislature.
In February 2025, the Department met with the SAO to gather an understanding of concerns and how reasonable and allowable rates could be documented to assist with compliance. The Department is committed to strengthening internal controls and complying with federal requirements and will prioritize establishing policies and procedures for rate setting.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Subpart E-Cost Principles
Title 45 CFR Part 75, Subpart F-Audit Requirements, establishes standards for obtaining consistency and uniformity among HHS agencies for the audit of non-Federal entities expending Federal awards.
Title 42 U.S. Code Chapter 7, Social Security Subchapter IV –Grants to States for Aid and Services to Needy Families with Children and for Child-Welfare Services. Section 675 Definitions Part 4 states in part:
4. The term “foster care maintenance payments” means payments to cover the cost of (and the cost of providing) food, clothing, shelter, daily supervision, school supplies, a child’s personal incidentals, liability insurance with respect to a child, reasonable travel to the child’s home for visitation, and reasonable travel for the child to remain in the school in which the child is enrolled at the time of placement. In the case of institutional care, such term shall include the reasonable costs of administration and operation of such institution as are necessarily required to provide the items described in the preceding sentence.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $9,098,747
Prior Year Audit Finding: Yes, Finding 2023-070
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding. Of this amount, the Department paid about $20.2 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG. The prior finding number was 2023-070.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure Report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform month reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $20,211,047 that were transferred to the SSBG program during fiscal year 2024. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which we identified in the following table.
Category Amount
Provider payments for which the Department provided an adequate level of support $11,112,849
Provider payments for which the Department could not provide an adequate level of support $9,098,198
Total payments to providers $20,211,047
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 119 out of a total population of 12,867 payments.
We reviewed the supporting documentation, description of activities and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on payments totaling $9,098,198 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized and within the period of performance.
Period of performance
We analyzed costs recorded to determine if any costs were incurred for the 2024 SSBG grant award prior to the start of the grant period of performance. We found the Department charged $549 to the 2024 SSBG grant for costs prior to the grant award’s performance period began.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide an adequate level of support for 42 % of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $9,098,747 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the State Auditor’s Office (SAO) with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant. As to the SAO’s specific findings:
Period of performance
The charges identified by the SAO of $549 were related to accrued expenditures recorded at year end closing that were not transferred to the proper grant year. No federal funds were drawn on these accruals per Department guidelines and automated internal controls that are built into the Grants Management System that is used for federal draws.
Provider payments for which the Department could not provide an adequate level of support
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the SAO for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
Period of Performance
We performed testing to ensure federal awards were charged only for allowable costs within their performance periods. We found the Department improperly charged $549 to the 2024 SSBG grant for costs incurred before the grant’s start date.
Provider payments for which the Department could not provide an adequate level of support
The level of documentation needed to support grant expenditures is not established by our Office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-073 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-072
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds
2. The amount of SSBG funds spent on providing each service
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies or both
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs
5. The state’s definition of “child,” “adult” and “family”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for the other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program. The prior finding number was 2023-072.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2024. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 45% of payments to providers that were charged to the SSBG program. These transactions represented about 20% of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also reference in audit finding 2024-072.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report and submitted it.
We selected the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure Report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Additionally, while management asserted the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report were reviewed before the report was uploaded into the SSBG portal, there was no evidence that this review occurred.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-072 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the Social Services Block Grant.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/Cost Principles
Period of Performance
Known Questioned Cost Amount: $9,098,747
Prior Year Audit Finding: Yes, Finding 2023-070
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding. Of this amount, the Department paid about $20.2 million to providers for direct client services.
SSBG gave the Department broad flexibility to design and administer the program based on its approved plan. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Payments to the providers were initially incurred for other programs then transferred to the SSBG program to align with the amounts allocated in the Pre-Expenditure Report. The Department periodically processed journal vouchers to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG. The prior finding number was 2023-070.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and properly supported for the SSBG.
Department management said it used the approved SSBG Pre-Expenditure Report and Intended Use Plan to identify eligible activities initially charged to the Foster Care program, then periodically transferred them to the SSBG grant to align with the Pre-Expenditure Report. The Department also said management performed monthly reconciliation to verify the expenditures were for allowable activities and within the period of performance.
During our testing, we found the Department used the Pre-Expenditure Report to identify eligible activities for the SSBG program and transferred funds accordingly. However, we found the Department did not perform month reconciliations to verify these expenditures were for allowable activities and within the period of performance.
We examined the Department’s accounting records to determine if payments the Department transferred to the SSBG program were for activities that were allowable, authorized, accurate and supported. We identified total provider payments of $20,211,047 that were transferred to the SSBG program during fiscal year 2024. We analyzed provider payments and requested the Department verify whether it could provide adequate level of expenditure so we could determine whether payments were allowable and supported. Based on our analysis and confirmation from the Department, we categorized the total expenditures into two categories, which we identified in the following table.
Category Amount
Provider payments for which the Department provided an adequate level of support $11,112,849
Provider payments for which the Department could not provide an adequate level of support $9,098,198
Total payments to providers $20,211,047
Provider payments for which the Department provided an adequate level of support
We used a statistical sampling method to randomly select and examine 119 out of a total population of 12,867 payments.
We reviewed the supporting documentation, description of activities and payment approvals. We found the payments were for activities that were supported, allowable, authorized and accurate.
Provider payments for which the Department could not provide an adequate level of support
We were unable to perform testing on payments totaling $9,098,198 because the Department was only able to provide summary level information. The Department was unable to provide an adequate level of support for us to determine whether the costs were for activities that were allowable, authorized and within the period of performance.
Period of performance
We analyzed costs recorded to determine if any costs were incurred for the 2024 SSBG grant award prior to the start of the grant period of performance. We found the Department charged $549 to the 2024 SSBG grant for costs prior to the grant award’s performance period began.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Due to staffing vacancies during the fiscal year, the Department did not perform monthly reconciliations to verify the expenditures were for allowable activities and within the period of performance.
In addition, the Department processed expenditure transfers at the grant level. As a result, the Department could not provide an adequate level of support for 42 % of payments to providers charged to the SSBG program. Therefore, we could not determine whether the payments transferred to SSBG were accurate, for allowable activities, and incurred during the period of performance.
Effect of Condition and Questioned Costs
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit some of the federal dollars it transferred to SSBG.
We are questioning $9,098,747 in federal program costs the Department charged to the SSBG program during the audit period. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure the funds it transfers to SSBG are supported by transaction-level support sufficient to comply with federal law
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the State Auditor’s Office (SAO) with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant. As to the SAO’s specific findings:
Period of performance
The charges identified by the SAO of $549 were related to accrued expenditures recorded at year end closing that were not transferred to the proper grant year. No federal funds were drawn on these accruals per Department guidelines and automated internal controls that are built into the Grants Management System that is used for federal draws.
Provider payments for which the Department could not provide an adequate level of support
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the SAO for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
Period of Performance
We performed testing to ensure federal awards were charged only for allowable costs within their performance periods. We found the Department improperly charged $549 to the 2024 SSBG grant for costs incurred before the grant’s start date.
Provider payments for which the Department could not provide an adequate level of support
The level of documentation needed to support grant expenditures is not established by our Office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-073 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the Social Services Block Grant program.
Assistance Listing Number and Title: 93.667 Social Services Block Grant
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2302WASOSR; 2402WASOSR
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-072
Background
The Department of Children, Youth, and Families administers the Social Services Block Grant (SSBG) program to provide services to children, youth and young adults for case management, foster care, protective services, transportation, childcare and other services, such as child welfare services, intake and assessment, crisis counseling, family reconciliation and licensing staff. In fiscal year 2024, the Department spent about $46.7 million in federal funding.
The Department is required to submit annual SF-425 financial reports for each open SSBG grant. These reports contain information such as the federal grant number, the recipient organization, grant period, reporting period end date, and a summary of expenditures and revenues related to the grant during the reporting period.
The Department is also required to submit annual SSBG Post-Expenditure reports that describe how the Department expended its SSBG grant for each fiscal year. These reports include information such as:
1. The number of eligible people who received services that were fully or partially paid for with SSBG funds
2. The amount of SSBG funds spent on providing each service
3. The method(s) by which each service was provided, showing separately for each service provided by public agencies, private agencies or both
4. The criteria applied in determining eligibility for each service, such as income eligibility guidelines, sliding fee scales, the effect of public assistance benefits, and any requirements for enrollment in school or training programs
5. The state’s definition of “child,” “adult” and “family”
6. Temporary Assistance for Needy Families funds transferred into SSBG
In its approved state plan, the Department has broad flexibility to design and administer the SSBG program. The Department used the SSBG Pre-Expenditure Report and Intended Use Plan approved by the federal partner to identify activities eligible for the SSBG program. Most of the expenditures charged to the SSBG program were initially incurred for the other programs and transferred to the SSBG program. The Department periodically processed accounting adjustments to make these transfers.
Federal law requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have been used in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program. The prior finding number was 2023-072.
Description of Condition
The Department did not have adequate internal controls over and did not comply with reporting requirements to ensure reports were complete and accurate for the SSBG program.
Financial Reporting – SF-425
We selected and examined the two SF-425 reports that the Department was required to submit in state fiscal year 2024. During the audit period, the Department processed expenditure transfers at the grant level. As a result, the Department did not identify the specific transactions, or provide the required level of supporting documentation, for 45% of payments to providers that were charged to the SSBG program. These transactions represented about 20% of total SSBG expenditures. Therefore, we could not rely on the data supporting the Department’s reported SF-425 expenditures and could not determine if the reports were accurate and complete. This condition is also reference in audit finding 2024-072.
Performance Reporting – Post-Expenditure Report
Department personnel said they reviewed and approved the Post-Expenditure Report workbook before the information was uploaded into the SSBG portal to ensure the data was complete and accurate. Department personnel then reviewed and approved the Post-Expenditure Report in the SSBG portal to ensure it was complete and accurate before management performed a final review, certified the report and submitted it.
We selected the only SSBG Post-Expenditure Report that the Department was required to submit during the audit period. We found no documented evidence that the appropriate Department personnel reviewed the Post-Expenditure Report Workbook and the SSBG Post-Expenditure Report for accuracy and completeness before management completed the final review and certification of the report.
The unsupported SF-425 expenditures identified above were also included in this report. Therefore, we could not rely on the data supporting the expenditures reported in the Department’s SSBG Post-Expenditure Report and could not determine if it was accurate and complete.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department processed expenditure transfers at the grant level and made accounting adjustments without identifying the actual payments that were used to support those adjustments.
Additionally, while management asserted the Post-Expenditure Report Workbook and SSBG Post-Expenditure Report were reviewed before the report was uploaded into the SSBG portal, there was no evidence that this review occurred.
Effect of Condition
Without establishing adequate internal controls, the Department cannot reasonably ensure that expenditure amounts reported to the grantor are complete and accurate.
By not complying with federal law regarding maintaining adequate supporting documentation for expenditures, the Department created a condition that made it impossible to audit some of the federal dollars it transferred to SSBG and reported on the SF-425 financial report and the SSBG Post-Expenditure report.
Recommendations
We recommend the Department:
• Improve internal controls to ensure management reviews reports along with supporting expenditure and revenue data to ensure completeness and accuracy
• Design and implement internal controls to ensure financial and program reports are supported with an adequate level of detail
Department’s Response
The Department utilizes grant-level management for all federal funds, including the SSBG grant. This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements are met. The Department allocated the SSBG grants to eligible clients and allowable activities in compliance with 45 CFR 98.67 but did not include the level of data recommended by the State Auditor’s Office (SAO) for some transfers. The SAO maintained that the program is not auditable without transaction level data.
The Department maintains that funds were not improperly charged to the SSBG grant. This is a two-year grant that the Department spends down in one fiscal year. The Department provided the SAO with detailed expenditure data reports and email documentation of management reviews of the expenditures being charged to the SSBG grant and changes being requested prior to submission. Management reviewed the expenditure data prior to certifying and submitting the reports in the federal reporting system verifying the requested changes were made. The federal reporting system creates an email after certification which the Department shared with the SAO. The Department was unable to provide email communication between staff and management related to the approval of the changes requested as documentation of the final approval prior to management certifying the report in the federal system as requested by SAO.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. In response to the auditor’s recommendations related to fiscal year 2023 Child Care and Development Fund findings, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided effective July 2024 to develop and maintain the business process that would allow adjustments to include transaction level data. Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System and the Agency Financial Reporting System to allow transfers between funding sources to include transaction level data related to the expenditures. The Department looks forward to working with SAO to resolve the transaction level data concerns and move forward with fully auditing the SSBG grant program.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our office but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. Without adequate transactional level payment data, our Office is unable to perform tests to verify the remaining payments were transferred from eligible and allowable expenditures for the SSBG grant.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 96.30 – Fiscal and administrative requirements, states in part:
a. Fiscal Control and accounting procedures. Except where otherwise required by Federal law or regulation, a State shall obligate and expend block grant funds in accordance with the laws and procedures applicable to the obligation and expenditure of its own funds. Fiscal control and accounting procedures must be sufficient to (a) permit preparation of reports required by the statute authorizing the block grant and (b) permit the tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the restrictions and prohibition of the statute authorizing the block grant.
Title 45 CFR Part 96.74, Annual Reporting Requirements, establishes the reporting requirements for the Pre-Expenditure and Post-Expenditure program reports.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-082 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services program were allowable and met period of performance requirements.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed
Allowable Costs/ Cost Principles
Period of Performance
Known Questioned Cost Amount: $10,467,736
Prior Year Audit Finding: Yes, Finding 2023-084
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, $50.8 million of which it paid to subrecipients.
The Authority can use grant funds only for costs that are allowable and incurred during the period of performance, as specified in the grant’s terms and conditions. At the beginning of each federal fiscal year, and whenever the Authority receives a new federal grant, it establishes new cost objectives and allocation codes to ensure expenditures are charged to the proper grants. When the Authority receives reimbursement requests, program managers are responsible for reviewing supporting documentation to determine if the services billed are for allowable activities and meet the period of performance requirements under the grant. Fiscal managers are also responsible for ensuring that payments are coded to the correct period.
The Authority follows the accrual basis of accounting and uses the Agency Financial Reporting System (AFRS), the state’s central accounting system, to record federal expenditures. At the end of the fiscal year, the Authority’s federal financial reporting (FFR) unit estimates the amount of outstanding obligations to providers. These amounts are recorded in AFRS as an accrued expenditure for SUPTRS and subsequently reported to the Office of Financial Management for the compilation of the Schedule of Expenditures of Federal Awards (SEFA).
The FFR unit has written procedures for calculating its estimated accruals. The calculation begins by using a spreadsheet that tracks all active contractual obligations to SUPTRS subrecipients and vendors. These amounts are then prorated to include only obligations that are expected during the state fiscal year. Obligations for agency salaries and benefits, interagency agreements, direct purchases, state universities and travel are removed from this total. The remaining total is then reduced by the amount of accruals already recorded and actual payments already made to the subrecipients and vendors. The remaining total is recorded as an estimated accrual for the fiscal year.
In the following fiscal year and up to two years after, the Authority liquidates program expenditures associated with the estimated accrual. The liquidations associated to a prior fiscal year estimated accrual do not tie directly to an estimated accrual, instead it is applied to the program as a whole for that period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements. The prior finding numbers were 2023-084 and 2022-067.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure payments to providers for the SUPTRS program were allowable and met period of performance requirements.
During the audit period, the FFR unit recorded two state fiscal year-end estimated accruals totaling $16,195,231. We determined the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year. To determine if actual expenditures associated with these accruals are for allowable activities and within the period of performance, we tested $5,727,495 in liquidations processed after the state fiscal year close. We used a non-statistical sampling method to randomly select and examine 21 out of a total population of 116 including five individually significant items. There were no issues identified. However, the remaining non-liquidated year-end estimated accruals could not be tested for compliance.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
While the Authority has a process to determine the year-end estimated accruals, management allows for the liquidation of these accruals to be processed over as many as three years after the end of the audit period. Additionally, Authority officials said that the large amount of year-end estimated accruals is due to a significant lag between when services are provided, and reimbursement requests are received.
Effect of Condition and Questioned Costs
Without having actual expenditures with supporting documentation to account for the amount in the year-end estimated accruals, the Authority cannot reasonably ensure that SUPTRS expenditures reported on the SEFA are for allowable activities and within the period of performance.
We identified $10,467,736 in known questioned costs related to estimated year-end accruals.
Without establishing adequate internal controls, the Authority cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Authority:
• Improve its internal controls to ensure estimated accruals are reasonable and supported
• Establish process to associate liquidated provider payments to specific year-end estimated accruals
• Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid
Authority’s Response
The Authority does not concur with the finding. The auditors are questioning $10,467,736 of unliquidated accruals. This amount does not reflect funds that have been paid or drawn from the grantor, but rather the Authority’s best estimate of fiscal year 2024 expenditures for which invoices have not yet been received. There are no funds associated with the $10.5 million to return to the grantor. As the auditor notes in the finding above, “the process to estimate the year-end accruals is reasonable and included only subrecipient obligations for the state fiscal year.” Further, the auditors tested a sample of liquidations made against the accruals processed through September 30, covering the two-month period after the accruals were recorded. Testing was conducted after this date and could have included additional liquidations, but the auditors chose to limit the sample timeframe. All reviewed liquidations were for allowable program costs within the grant period of performance, and for activities occurring during the state fiscal year.
The Authority has additional controls to review expenditures at the end of each grant to ensure expenditures were within the allowed period of performance. Any liquidations made against the grant can be reviewed through the end of the grant period, and no payments would be liquidated against the accruals that were not for allowable services provided during fiscal year 2024.
The auditor concludes the Authority cannot reasonably ensure the expenditures reported on the SEFA are for allowable activities and within the period of performance, with the implication that the $10.5 million should not have been reported on the SEFA. However, removing the $10.5 million would result in a significant misstatement on the SEFA and provide inaccurate information to the grantor.
The Authority stands by its accrual methodology and its controls over activities allowed and period of performance requirements.
Auditor’s Remarks
The Authority reports cash and accrued expenditures on the Schedule of Expenditures of Federal Awards and, as such, the accruals are required to be audited. We therefore tested the liquidations associated with these accruals. While we did not find noncompliance with the samples selected and tested, we cannot determine if the remaining year end estimated accruals that have not been liquidated are for allowable activities and within their period of performance.
We reaffirm our finding and will follow up on the status of the Authority’s corrective action during our next audit period.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 502, Basis for determining federal awards expended, states in part:
a. Determining Federal awards expended. The determination of when a Federal award is expended must be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as: expenditure/expense transactions associated with awards including grants, cost-reimbursement contracts under the FAR, compacts with Indian Tribes, cooperative agreements, and direct appropriations; the disbursement of funds to subrecipients; the use of loan proceeds under loan and loan guarantee programs; the receipt of property; the receipt of surplus property; the receipt or use of program income; the distribution or use of food commodities; the disbursement of amounts entitling the non-Federal entity to an interest subsidy; and the period when insurance is in force.
Title 45 CFR Part 75, section 510, Financial statements, states in part:
b. Schedule of expenditures of Federal awards. The auditee must also prepare a schedule of expenditures of Federal awards for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with § 75.502…
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Behavioral Health Grant Unit Year-End Accrual Procedure, states in part:
WHAT IS ACCRUAL: Accruals are accounting entries done to record actual or estimated expenditures incurred but not paid.
PURPOSE: When done during year-end close, accruals record actual and/or estimated amounts incurred in the closing year that will not be paid until the subsequent year. Within the Federal Financial Reporting (FFR), Behavioral Health (BH) grants staff prepare year-end accruals of contract costs that the Accounting Section does not. The BH supervisor will notify unit staff of the timeline for this process as it may differ from year to year.
BACKGROUND: The Accounting Section reviews accruals and liquidations at a high-level (Program, Fund, and Fund Source) to ensure the agency has not exceeded its authority. While some year-end accruals are based on actual billings/claims, many are based on estimates due to the lag time of billings. Estimates are also used due to the number of contracts per grants (typically the Block Grants and the State Opioid Response (SOR) grants).
BLOCK GRANT PROCESS:
1. BH Grants staff creates a SFY Accrual workbook using the JV workbook template.
2. BH Grants staff saves a copy of the obligations from DBHR’s tracking workbook and places it in the BH Accrual Folder for the SFY. Copy the relevant data from the DBHR workbook into the SFY workbook created for accrual development. Obligation amounts may differ as DBHR is not necessarily recording obligations for a single state fiscal year.
3. BH Grants staff, on the SFY Obligation tab, removes the following obligations from the accrual process:
a. Interagency agreements
b. State universities
c. Direct purchases
d. Agency salaries and benefits
e. Travel
Note:
a. If a contract has not started and has no expenditures verify if an accrual is needed or the obligation amount should be removed.
b. Pro-rate contracts that include month of service for the prior or next SFY year, so as to not over accrue.
c. If a project is listed, but no contract agreement number has been verified, double check with DBHR program and if not, remove amount from obligation. The workbook will include the revised obligations.
4. BH Grants staff pulls grant direct expenditure data from the beginning of the fiscal year to the end of the fiscal year to include (99 and 25) depending on which fiscal year it is in the biennium.
a. First SFY of the biennium include FM01 through FM99
b. Second SFY of the biennium include FM13 through FM25
c. Include GL Account: (6510) cash expenditures and (6505) accruals
d. Use grant specific Webi criteria
e. Note – Accruals (GL 6505) are included to determine what has already been recorded by AP to ensure total accruals are not overstated.
f. Filter out interagency and state universities amounts as well as objects A (salaries), B (benefits), and G (travel) data from original data pull and save this data to another tab.
g. Use the data, minus interagency and objects that were removed, to prepare pivot tables.
h. Input the obligation amount on the pivot tab from the SFY obligation tab.
i. Run each pivot table using the data minus interagency & object tab (see #6 – #10 below).
j. Reminder – DO NOT accrue salaries/benefits/travel/direct purchases.
5. Using the revised obligations tab – complete the below pivots.
• NOTE: See item #2 - For auditing purposes, place a copy of the original obligation spreadsheet in the accrual folder, date the spreadsheet, so you have backup data to the obligation total you are now using.
• Using the tab with our own tracking for the prior state fiscal year (SFYXX). See item #3 - Review contracts to see if they were executed, if not an accrual is not needed. We are ONLY accruing for CONTRACTS. Accruals are booked against the award we are actively spending on. We are not accruing on the award that is spent out.
a. First pivot – identifies total expenditures and accruals for SFY being processed. Use the expenditure amount (GL 6510) for the second pivot table.
b. Second pivot – establish the most used subobject; allows for the distribution of expenditures between ER and NB as they are the most common.
c. Third and Fourth pivots – determines the most common PI each of the subobjects identified in Second pivot.
d. Fifth pivot – identifies most common org index.
e. Sixth pivot – (SUPTRS only) identifies the ER and NB expenditures by allocation. This allows for the accrual to be prepared as a percentage to each allocation code based on the total expenditures.
6. BH Grants staff calculate percentages to spread the accrual across ER and/or NB in allocations, per grant (ex. 82** for SUPTRS, and 20** for MHBG).
7. BH Grants staff complete the remainder of the workbook following the established JV process:
a. Obtain JV number from log
b. Add an explanation/purpose for the JV
c. Include backup data for the upload and release tab.
d. Use the correct transaction codes (TC) for accruals
i. TC 736 RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 6505 – Debit – Accrued Expenditures/Expenses
2. GL 5111 – Credit – Short Term Payables
ii. TC 736R RCRD ACCT/VOU PAY-NO ENCUMBRANCE
1. GL 5111 – Debit – Short Term Payables
2. GL 6505 – Credit – Accrued Expenditures/Expenses
8. Upload the JV using the OFM Toolbox and email JV workbook to BH Grants Supervisor and Lead.
9. BH Grants Supervisor and/or Lead reviews, approves, and releases the JV.
2024-083 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Federal Funding Accountability and Transparency Act for the Block Grants for Substance Use Prevention, Treatment, and Recovery Services.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-086
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use Prevention, Treatment, and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
The Federal Funding Accountability and Transparency Act (Act) requires the Authority to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Authority must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Authority includes a subaward identification form, which contains all the required reporting information, when it creates a new SUPTRS subaward or amendment. After all parties sign it, contract unit staff emails the subaward identification form to the federal financial reporting unit. Federal financial reporting staff review these emails and complete the report as required. There were 138 SUPTRS subawards and amendments that the Authority was required to report in fiscal year 2024, totaling $78,875,512.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the SUPTRS program. The prior finding numbers were 2023-086, 2022-069 and 2021-058.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it filed accurate and timely reports required by the Act.
During the audit period, the Authority was required to report about $78.9 million of program funds that it awarded to subrecipients through 138 new and amended subawards for the primary SUPTRS awards. We used a non-statistical sampling method to randomly select and examine 18 of the 138 subawards and amendments, and found that 11 (61%), totaling $2.8 million, did not meet reporting requirements. Of these 11 subawards and amendments, ten were not reported in FSRS and one was submitted two months after the reporting deadline. Of the eight that were reported, there were no issues with the accuracy of the data reported.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The federal financial reporting staff relied on subaward identification forms the contract unit emailed to complete FFATA reporting. However, the Authority did not have a process to ensure the contract unit emailed all forms to the federal financial reporting unit. As a result, the Authority did not detect forms that the contract unit did not email to the federal financial reporting unit as missing, and subsequently did not report them.
During the audit period, the Authority developed written procedures to address this issue to ensure it submits all reports as required, but did not implement the process until toward the end of the audit period.
Effect of Condition
Failing to submit the required reports on time diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Authority:
• Establish effective internal controls to ensure it submits all required reports
• Provide training for employees who oversee reporting and who verify the submission and accuracy of the reports
• Ensure management monitors reporting of this information to ensure future reports are submitted completely and timely
Authority’s Response
The Authority concurs with the finding. Effective internal controls were put into place partway through FY 24, however inconsistencies during initial implementation were identified. These inconsistencies have been identified and resolved, and the Authority will continue to strengthen the processes moving forward.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-084 The Health Care Authority did not have adequate internal controls to ensure subrecipients of the Block Grants for Substance Use, Prevention, Treatment and Recovery Services program received required single audits, and that it appropriately followed up on findings and issued management decisions.
Assistance Listing Number and Title: 93.959 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
93.959 COVID-19 Block Grants for Substance Use, Prevention, Treatment, and Recovery Services
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: B08TI03977-01, 1B08TI083519-01, 6B08TI083519-001M001, 6B08TI083519-01M002, 1B08TI084617-01, 1B08TI084681-01, 6B08TI084681-01M001, 6B08TI084681-01M002, 1B08TI085843-01, 6B08TI085843-01M002, 1B08TI087075-01, 1B08TI087075-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-087
Background
The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Substance Use, Prevention, Treatment and Recovery Services (SUPTRS). The Authority subawards federal funds to counties, tribes and nonprofit organizations to develop substance use prevention programs and provide treatment and support services. In fiscal year 2024, the Authority spent about $65.6 million in federal program funds, including about $50.8 million it paid to subrecipients.
Federal regulations require the Authority to monitor its subrecipients’ activities. This includes verifying that its subrecipient that spent $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier.
Additionally, for the awards it passes to subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements.
To monitor its compliance with these requirements, the Authority uses Excel workbooks to track subrecipients’ single audits along with identifying any program-funded findings and associated management decisions and status of corrective action plans.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions. The prior finding numbers were 2023-087 and 2022-066.
Description of Condition
The Authority did not have adequate internal controls to ensure subrecipients of the SUPTRS program received required single audits, and that it appropriately followed up on findings and issued management decisions.
The Authority implemented written policies and procedures over its process for tracking subrecipients’ single audits. The procedures included the review of subrecipients’ audits for program-funded findings and the completion of required management decisions. The Authority implemented these policies and procedures in January 2024, halfway through the fiscal year. Before this, the Authority did not have a process in place to ensure compliance.
During compliance testing, we did not identify any noncompliance.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to prior year findings, the Authority developed new policies and procedures, but did not fully implement them until halfway through the fiscal year.
Effect of Condition
Without establishing adequate internal controls, the Authority cannot ensure all subrecipients received single audits when they were required. Further, the Authority cannot ensure it follows up on subrecipient single audit findings and communicates required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and that management monitors them for effectiveness, the Authority cannot determine whether its subrecipients sufficiently corrected issues identified in audit findings.
Recommendation
We recommend the Authority continue to follow its new policies and procedures to ensure subrecipients obtain required single audits, it issues management decisions when necessary, and that subrecipients develop and take acceptable corrective actions to adequately address all audit recommendations.
Authority’s Response
The Authority concurs with the finding and will continue to follow the policies and procedures implemented during fiscal year 2024.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, Section 352, Requirements for pass-through entities states in part:
All pass-through entities must:
(d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:
(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.
(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 75.521.
(f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 75.501.
(h) Consider taking enforcement action against noncompliant subrecipients as described in § 75.371 and in program regulations.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-085 The Military Department did not have adequate internal controls to ensure it accurately filed reports required by the Federal Funding Accountability and Transparency Act for the Disaster Grants Public Assistance program.
Assistance Listing Number and Title: 97.036 Disaster Grants – Public Assistance
Federal Grantor Name: Department of Homeland Security
Federal Award/Contract Number: 1671DRWAP0000001;1734DRWAP0000001; 1817DRWAP0000001;1963DRWAP0000001; 4056DRWAP0000001;4083DRWAP0000001; 4168DRWAP0000001;4188DRWAP0000001; 4242DRWAP0000001;4243DRWAP0000001; 4249DRWAP0000001;4253DRWAP0000001; 4309DRWAP0000001;4418DRWAP0000001; 4481DRWAP0000001;4539DRWAP0000001; 4584DRWAP0000001;4593DRWAP0000001; 4635DRWAP0000001;4650DRWAP0000001; 4682DRWAP0000001
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
The Washington Military Department, Emergency Management Division, administers the Disaster Grant – Public Assistance (PA) program. The Department subawards federal funds to state agencies, tribes, local governments and certain types of private nonprofit organizations to help fund their response to and recovery from disasters. Following a presidential declaration of a major disaster or an emergency, the Federal Emergency Management Agency (FEMA) provides supplemental federal disaster grants assistance for debris removal, emergency protective measures and the restoration of disaster damaged facilities owned by states, municipalities, tribes and certain types of private nonprofit organizations.
In state fiscal year 2024, the Department spent about $530.9 million in federal program funds, including about $529.8 million it paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending. Department policy requires it to report all subawards in FSRS regardless of if they are more than the $30,000 threshold.
FEMA issues subaward and amendment obligation of project funding notifications as an S1 report. PA program staff use the S1 report to enter obligation details into the Contracts Unit’s FFATA Reporting Spreadsheet that contains the required reporting information for the subawards. Contracts staff then submit the report based on the FFATA Reporting Spreadsheet. There were 447 PA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $922,836,314.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls to ensure it accurately filed reports required for the PA program.
We used a statistical sampling method and randomly select and examine 55 out of the total population of 447 subawards and subaward amendments. We found:
• The Department did not report one subaward (2%) totaling $97,515 in FSRS
• The Department overreported one subaward obligation (2%) totaling $1,615,363 by $20,000
• One subaward (2%) totaling $43,497 contained the wrong subaward identification number in FSRS
• The Department did not report five subawards and amendments (9%) totaling $50,662 on time in FSRS.
Additionally, there were 10 subawards (18%), totaling $1,128,644, in which the subaward obligation date did not match the obligation date reported in FSRS.
We consider these internal control deficiencies to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, management did not ensure program staff entered all subaward information in the FFATA reporting spreadsheet correctly.
Effect of Condition
Failing to submit the required reports on time and accurately diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Follow established procedures to ensure it enters all required information accurately into FSRS
Department’s Response
During SFY 2023-24, FEMA implemented two significant methodology changes:
• FEMA transitioned from using FEMA EMMIE Reports to FEMA Grants Portal Reports for S1 forms. During this transition, the PA Program staff encountered challenges when trying to identify the accurate obligation date for each sub-recipient, which resulted in discrepancies in the data we reported in FFATA.
• U.S. General Services Administration was continuing to transition from using DUNS to UEI numbers. During this transition, the PA Program staff and Contracts Office had to work extensively with sub-recipients to obtain the subrecipients’ UEI numbers so FFATA reports could be submitted. If the sub-recipients had not yet provided their UEI number but was granted a sub-award, the sub-award was submitted on the FFATA report without a UEI number.
During this time period, the PA Program was involved in nine major disaster declarations, creating a much higher workload than normal. PA Program personnel were spread across four locations: the PA Program main office at Camp Murray, a Joint Field Office (JFO) in Lacey, an Area Field Office (AFO) in Spokane, and an Area Field Office (AFO)-Bellingham. Simultaneously, the PA Program experienced a significant staff turnover at the program staff and supervisory levels.
Between the change in data collection/reporting processes, increased workload, decentralization of employees, and employee turnover, data entry errors were more prevalent during this time period.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subaward and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for the subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Military Department, Finance Division Procedure No. FIN-108-13, Federal Funding Accountability and Transparency Act (FFATA) Reporting, states in part:
The WMD Contracts Office is responsible for all FFATA Reporting, which will be conducted no later than the end of each month.
A. FFATA Reporting:
1. Monthly FFATA reports will be generated and filed in the FFATA Subaward Reporting System (FSRS) website by the end of the month following the month in which WMD awards any subcontract greater than $30,000. The reports generated and filed using the “Submitting FFATA Reports” procedures established by the Contracts Office.
2. By the 15th of each month, the Public Assistance program will enter all subawards for the reporting month in the FFATA reporting worksheet located on the Grants page within the Finance Department’s SharePoint site. All PA awards included in the FFATA reporting worksheet are reported by the contracts office, even if it is under the $30,000 threshold.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-010 The Employment Security Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Federal Funding Accountability and Transparency Act for the Workforce Innovation and Opportunity grant.
Assistance Listing Number and Title: 17.258 Workforce Innovation and Opportunity Adult Program
17.259 Workforce Innovation and Opportunity Youth Activities
17.278 Workforce Innovation and Opportunity Dislocated Worker Formula Grants
Federal Grantor Name: U.S. Department of Labor
Federal Award/Contract Number: AA-36352-21-55-A-53
AA-38562-22-55-A-53
23A55AT00043-01-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-011
Background
The Employment Security Department administers the Workforce Innovation and Opportunity Act (WIOA) grant to help job seekers access employment, education, training and support services to succeed in the labor market. WIOA provides employment and training programs for adults, dislocated workers and youth. In fiscal year 2024, the Department spent about $70.3 million in WIOA federal funding, including about $66 million paid to subrecipients.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and, as a result, reduce wasteful government spending.
When a new subaward is executed, Department staff prepare the Fund Manager Spreadsheet that contains the required reporting information for the subawards. Staff then submit the report based on the Fund Manager Spreadsheet. There were 22 WIOA subawards and amendments that the Department was required to report in fiscal year 2024, totaling $48,772,426.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant. The prior finding number was 2023-011.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act for the WIOA grant.
During the audit period, the Department was required to report 22 subawards, totaling about $48 million of program funds, that it awarded to 12 subrecipients. We used a nonstatistical sampling method to randomly select and examine seven out of the total population of 22 subawards. We found:
• Three out of seven subawards (43%), totaling $417,919, that the Department did not report in FSRS
• The other four subawards (57%), totaling $16,820,245, had the incorrect subaward obligation/action dates, and the Department did not submit them on time
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Department officials said management reviews the reports to ensure they are accurate and submitted on time. However, there was no documentation to demonstrate the reviews occurred. If the Department did conduct these reviews, they were not sufficient to ensure that it reported all executed subawards and subaward amendments on time and accurately in FSRS.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendations
We recommend the Department:
• Establish effective internal controls to ensure it submits all required reports on time and accurately
• Provide training for employees who prepare and review the reports
Department’s Response
The Department concurs with the finding and thanks SAO’s work to ensure federal requirements are met over the WIOA grant.
The Department has developed a comprehensive SOP to ensure these reports are submitted timely, reviewed, and submission dates are documented. This includes review and approval of the FFATA input sheet and required elements prior to entry into the system. After the report is submitted, it is reviewed, and evidence is saved.
Additionally, the Department has expanded FFATA requirements training to all personnel within the Grants Management Unit to ensure the accuracy of reporting.
FSRS is currently being phased out and new system will go live in March 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, states in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless the recipient is exempt as provided in paragraph (d) of this award term, the recipient must report each subaward that equals or exceeds $30,000 in Federal funds for a subaward to an entity or Federal agency. The recipient must also report a subaward if a modification increases the Federal funding to an amount that equals or exceeds $30,000. All reported subawards should reflect the total amount of the subaward.
2. Reporting Requirements.
i. The recipient must report each subaward described in paragraph (a)(1) of this award term to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS) at https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the subaward was made on November 7, 2025, the subaward must be reported by no later than December 31, 2025).
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-024 The Office of Superintendent of Public Instruction improperly charged $5,139 to the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: $5,139
Prior Year Audit Finding: None
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grants to States program (IDEA, Part B) provides grants to states, and through them to local education agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specially designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $251 million in federal IDEA grant funds during fiscal year 2024 and passed about $243 million of that funding through to LEAs and educational service districts.
The grantor identified that obligations charged to the fiscal year 2022 IDEA grant funds must be obligated or incurred prior to September 30, 2023.
Description of Condition
The Office improperly charged $5,139 to the program.
We found the Office had adequate internal controls to ensure it materially complied with period of performance requirements. We used a nonstatistical sampling method to randomly select and examine 13 payments of a total of 68 that the Office made close to the end of the obligation period to ensure they were allowable and obligated within the proper period. During our testing, we found three charges totaling $5,139 that were obligated after the obligation period ended.
Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Office staff made accounting adjustments to the fiscal year 2023 IDEA part B grant. These payments were initially charged to an allowable grant, but staff made adjustments and moved them to the fiscal year 2022 IDEA part B grant. Therefore, the payments were then noncompliant with period of performance requirements.
Effect of Condition and Questioned Costs
We identified $5,139 in questioned costs that were obligated outside the obligation date.
Projection to population Known Questioned Costs Likely Questioned Costs
Federal expenditures $5,139 $26,883
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Office consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding.
To ensure that expenditures occurring outside of a grant’s period of performance are not shifted to the grant during its liquidation period, OSPI has established internal controls to address accounting adjustments made during liquidation periods. Journal vouchers (corrections) will be verified by budget staff prior to submission to ensure expenditures occurred within the grant period of performance. OSPI will communicate the corrective action plan with internal stakeholders to ensure compliance with updated process/procedures.
Internal Control Details:
• Monitor expenditures (through reconciliation of monthly reports) to ensure the agency stays within the allowable set-aside threshold and grant maximum.
• Verify that all expenditures corrected with journal vouchers during the grant liquidation period have occurred during the grant period of performance.
• Complete expenditure corrections within the grant liquidation period.
• Liquidation is done on the last business day of January (or 120 days after the budget period ends).
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 U.S. Code of Federal Regulations (CFR) Part 200.1, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes definitions for questioned costs. Part 200.410 establishes requirements for the collection of unallowable costs.
Fiscal Year 2022 Special Education Grant Award, Grant Award Notification, establishes the federal funding period for award numbers H137A210074 and H027A210074 as July 1, 2021 through September 30, 2023.
Tile 20 United States Code 1225(b), General Education Provisions Act, establishes that any funds that are not obligated at the end of the federal funding period shall remain available for obligation for an additional period of 12 months.
2024-025 Office of Superintendent of Public Instruction did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program.
Assistance Listing Number and Title: 84.027 Special Education Grants to Staes (IDEA, Part B)
84.027 COVID-19 Special Education Grants to Staes (IDEA, Part B)
84.173 Special Education Preschool Grants (IDEA Preschool)
84.173 COVID-19 Special Education Preschool Grants (IDEA Preschool)
Federal Grantor Name: U.S. Department of Education
Federal Award/Contract Number: H027A210074-21A; H027A220074; H027A230074-23A; H027X210074; H173A210074; H173A220074; H173A230074; H173X210074
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-036
Background
The Individuals with Disabilities Education Act’s (IDEA) Special Education Grant to States program (IDEA, Part B) provides grants to states, and through them to local educational agencies (LEAs), to help provide special education and related services to eligible children with disabilities. IDEA’s Special Education Preschool Grants program (IDEA Preschool), also known as the “619 program,” provides grants to states, and through them to LEAs, to assist with providing special education and related services to children with disabilities ages 3 through 5 and, at a state’s discretion, to 2-year-old children with disabilities who will turn 3 during the school year.
The Office of Superintendent of Public Instruction administers the Special Education program in Washington, which serves about 143,000 eligible students. The program provides specifically designed instruction to address students’ unique needs. The Office offers the program at no cost to parents, and it includes the related services students need to access their educational program. The Office spent about $285 million in federal IDEA grant funds during fiscal year 2024 and passed about $276 million of that funding through to LEAs and all nine education service districts (ESDs) in the state.
Federal law requires the Office to evaluate each subrecipient’s risk of noncompliance with federal statues, regulations, and the subaward’s terms and conditions to determine the appropriate amount and type of subrecipient monitoring.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Office did not have adequate internal controls over requirements to perform risk assessments for the program’s subrecipients. The prior finding numbers were 2023-036, 2022-026 and 2021-023.
Description of Condition
The Office did not have adequate internal controls to ensure it performed risk assessments for subrecipients of the Special Education program. As a result, the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
We consider this internal control deficiency to be a significant deficiency.
Cause of Condition
In response to the prior year audit finding, the Office’s Special Education division revised and expanded the form package that ESDs need to submit as part of year-end reporting. The corrective action was not fully implemented during the fiscal 2024 year, and therefore the Office did not perform risk assessments for the nine ESDs that received program funding during the audit period.
Effect of Condition
Without conducting risk assessments, management cannot ensure the Office performs the appropriate amount of monitoring to ensure subrecipients comply with program requirements. Further, without appropriate levels of subrecipient monitoring, the Office cannot have reasonable assurance that federal requirements are being met.
Recommendation
We recommend the Office establish and follow adequate internal controls to ensure it performs the required risk assessments, which would allow management to evaluate the results, monitor subrecipients appropriately, and demonstrate compliance with federal requirements.
Office’s Response
The Office of Superintendent of Public Instruction (OSPI) concurs with this finding. As of April 2024, OSPI Special Education division fully implemented the accepted corrective action plan and conducted fiscal monitoring of all nine (9) Educational Service Districts (ESDs) statewide. All nine (9) ESDs received a fiscal monitoring report no later than April 2024.
Based on the results from monitoring activities over year-end reporting, ESDs will be selected for additional monitoring and may be subject to a future onsite visit if deemed necessary.
Auditor’s Remarks
We thank the Office for its cooperation and assistance throughout the audit. We will review the status of the Office's corrective action during our next audit.
Applicable Laws and Regulations
Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities.
Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-029 The Department of Social and Health Services did not have adequate internal controls to ensure it filed reports timely as required by the Federal Funding Accountability and Transparency Act.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-039
Background
The Aging Cluster programs, which include Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in homes and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. Nutrition Services programs support nutrition services and provide resources incentives to encourage and reward effective and efficient performance delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million paid to 13 AAAs.
Under the Federal Funding Accountability and Transparency Act (Act), the Department is required to collect and report information on each subaward of federal funds more than $30,000 in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS). The Department must report subawards by the end of the month following the month in which it made the subaward (or subaward amendment). The Act is intended to empower the public with the ability to hold the federal government accountable for spending decisions and therefore reduce wasteful government spending.
The Department issues subawards to AAAs for multiple Older American Act grants in the same contract, including grants that are not a part of the Aging Cluster. When a new subaward is executed, Department staff enter the required reporting information for the subawards in a tracking spreadsheet. Staff use the tracking spreadsheet to submit the required reports in FSRS. The Department had 47 subawards and amendments totaling $25,092,377 that it was required to report in fiscal year 2024.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure it filed reports required by the Act. The prior finding number was 2023-039.
Description of Condition
The Department did not have adequate internal controls to ensure it filed reports timely as required by the Act.
The Department did not follow its written procedures over the reporting process. Specifically, staff did not submit the reports on time.
We used a statistical sampling method and randomly selected and examined 10 subawards out of a total population of 47. We determined that four out of 10 subawards were not submitted on time. However, the reports were reported accurately, were not missing any of the key elements and the amounts reported were correct.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
The Department had procedures in place to ensure it reported subawards and amendments in FSRS. However, due to management turnover during the previous fiscal year, staff was behind in submitting subawards and amendments in FSRS and is in the process of becoming current.
Effect of Condition
Failing to submit the required reports diminishes the federal government’s ability to ensure accountability and transparency of federal spending.
Recommendation
We recommend the Department strengthen internal controls to ensure it reports all first-tier subawards of $30,000 more in FSRS by the federal deadlines.
Department’s Response
The Department concurs with the finding.
Due to management and fiscal staff turnover in fiscal year 2023, staff did not enter information required for Federal Funding Accountability and Transparency Act (FFATA) reporting into the Subawards and Amendments Tracking Spreadsheet when subawards and subaward amendments were executed and did not report any of the subawards in the Federal Funding Accountability and Transparency Subaward Reporting System (FSRS) during fiscal year 2023.
Effective January 17, 2024, the Subawards and Amendments Tracking Spreadsheet was created with the required fields to ensure contract information for all current contracts were entered.
Effective January 17, 2024, two fiscal staff were assigned to submit FFATA reports in the FSRS system to ensure reporting activities are completed by federal deadline. By January 19, 2024, the Office Chief or designee started reviewing the Subawards and Amendments Tracking Spreadsheet with FFATA reporting dates monthly to ensure federal deadlines for FFATA reporting are met consistently.
The Fiscal Year 2023 Corrective Action Plan was not completed until March 1, 2024, therefore there were still exceptions during the audit period of July 1, 2023, to June 30, 2024.
The Finance and Contract Units will work in collaboration to streamline notification of contract execution dates by June 30, 2025, ensuring that fiscal staff are aware of executed contracts and submitting FFATA reports timely.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 2 CFR Part 170, Reporting Subaward and Executive Compensation Information, statins in part:
Appendix A to Part 170 – Award Term
I. Reporting Subawards and Executive Compensation
a. Reporting of first-tier subawards.
1. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non-Federal entity or Federal agency (see definitions in paragraph e. of this award term).
2. Where and when to report.
i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to https://www.fsrs.gov.
ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2020.
3. What to report. You must report the information about each obligating action that the submission instructions posted at https://www.fsrs.gov specify.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-030 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-040
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to ensure that every subaward is clearly identified to the subrecipient as a subaward and includes 14 federal identification elements. These elements include the subrecipient’s unique entity identifier, the Federal Award Identification Number (FAIN), name of the federal awarding agency, the program’s Assistance Listing Number, title and more. The Department is required to communicate this information at the time of the subaward and, if any of these elements change, include the changes in a subsequent subaward modification. In addition, the Department is responsible for communicating all requirements it has imposed on its subrecipients so that they use the federal award in accordance with federal statutes, regulations, and the terms and conditions of the award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with federal award identification element requirements. The prior finding number was 2023-040.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it communicated federal award identification elements to subrecipients of the Aging Cluster Programs.
We used a nonstatistical sampling method to randomly select and examine five of 11 subawards to determine if every subaward was clearly identified to the subrecipient as a subaward and included all 14 federal identification elements. We found that all five subawards did not include the following four required federal identification elements:
• FAIN
• Federal award date
• Name of federal award agency, pass-through entity and contact information for awarding official of the pass-through entity
• Indirect cost rate for the federal award
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department communicated the four excluded identification elements in the Notice of Award (NOA) that was posted on its intranet. The Department wanted to simplify the procedure of notifying AAAs about the NOAs but, while the process was being developed, it did not communicate the required information to the AAAs in the subawards. This required information and its location were not referenced in the subaward.
Effect of Condition
By not clearly identifying the required information in the subaward, the Department cannot ensure it adequately informed its subrecipients of the program requirements for each federal award.
Recommendation
We recommend the Department strengthen internal controls and ensure it communicates all required information in future subawards, as required by law.
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for same issue in FY2023 was not completed until July 2024.
Effective July 2024, Initial Notices of Award (NOA), with all 14 federal identification elements, were included for each funding source in the initial subaward as Exhibit D. Language was added to the subaward informing AAAs that future NOAs will be posted online. In addition, the Department’s fiscal staff notify inform all AAA fiscal staff via email when new NOAs are posted. Contracts staff will ensure Exhibit D is attached to the initial subaward before signing the contract.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-031 The Department of Social and Health Services did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
Assistance Listing Number and Title: 93.044 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.044 COVID-19 Special Programs for the Aging – Title III, Part B – Grants for Supportive Services and Senior Centers
93.045 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.045 COVID-19 Special Programs for the Aging – Title III, Part C – Nutrition Services
93.053 Nutrition Services Incentive Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: Various
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Subrecipient Monitoring
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-041
Background
The Aging Cluster programs, which include the Supportive Services and Senior Centers, Nutrition Services, and the Nutrition Services Incentive Program, provide services and meals to older people.
The Supportive Services program helps states and area agencies on aging (AAAs) facilitate the development and implementation of a comprehensive, coordinated system for providing long-term care in home and community-based settings in a way that responds to the needs and preferences of older people and their family caregivers. The Nutrition Services programs support nutrition services and provide resource incentives to encourage and reward effective and efficient performance in the delivery of nutritious meals to older people.
The Department of Social and Health Services administers federal programs under the Older Americans Act, including the Aging Cluster programs. In fiscal year 2024, the Department spent about $37.9 million in Aging Cluster federal funding, including about $36.9 million it paid to 13 AAAs.
Federal regulations require the Department to monitor its subrecipients’ activities. This includes:
• Verifying that subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Following up and ensuring that subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• Issuing a management decision to the subrecipient, within six months, for applicable audit findings pertaining to the federal award
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with single audit tracking requirements. The prior finding number was 2023-041.
Description of Condition
The Department did not have adequate internal controls to ensure subrecipients of the Aging Cluster Programs obtained required single audits.
The Department’s process to monitor compliance is to use Excel spreadsheets to track subrecipients’ single audits. However, during the audit period, the Department did not adequately perform this process. The Department did not regularly check to ensure every subrecipient obtained a single audit when it was due.
We consider this internal control deficiency to be a material weakness.
Cause of Condition
Due to management turnover, staff were behind on monitoring whether the Department’s subrecipients obtained their required single audits. The Department developed procedures to ensure all subrecipients received a single audit, but did not implement the procedures until after the audit period.
Effect of Condition
Without establishing adequate internal controls, the Department cannot ensure that all subrecipients requiring a single audit obtain one, that timely and appropriate action is taken for subrecipients that did not obtain a single audit, and that subrecipients with audit findings receive required management decisions timely.
Recommendation
We recommend the Department strengthen internal controls to ensure:
• Subrecipients obtain a single audit if they spend $750,000 or more in federal awards during a fiscal year
• Subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award
• It issues all required management decisions to subrecipients, within six months, for applicable audit findings pertaining to the federal award
Department’s Response
The Department concurs with the finding.
This is a repeat finding because the corrective action plan for the same issue in FY2023, was not completed until October 2024.
Effective September 2024, a reminder process was implemented for all AAAs to submit their audits six months after the subrecipient fiscal year-end close. Email reminders will be sent until single audits are received or once the AAA has communicated an estimated audit completion date. Communication will be documented in the Tracker system.
Effective October 2024, the Single Monitor Tracking Sheet was updated to document the dates of audit requests, receipts, date of review, confirmation of FAC audit receipt, date of communication with AAA, when a management letter is sent, and the AAA responses.
Effective October 2024 and ongoing, the AAA & Grants Unit Manager or Office Chief will review the Single Monitor Tracking Sheet nine months after the sub-recipient fiscal year-end close to ensure that all Single audits are received timely. Follow up will occur monthly on outstanding audits and timing of management letters.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes federal award identification requirements for subawards.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-043 The Department of Children, Youth, and Families did not have adequate internal controls over eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds.
Assistance Listing Number and Title: 93.558 Temporary Assistance for Needy Families
93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2301WATANF; 2401WATANF
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Eligibility
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-059
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program’s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients’ child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment.
In fiscal year 2024, the Department spent more than $306 million in CCDF and $109 million in TANF federal grant funds on child care subsidy payments to providers.
Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department.
For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must:
• Reside in Washington and be a citizen or legal resident of the United States;
• Be younger than 13 years, or if for verified special needs, be younger than 19 years;
• Reside with a parent(s) or guardian whose countable income does not exceed 60% of the state median income at application or 65% of the state median income at reapplication;
• Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services.
State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and wage information, proof of an approved activity under TANF, and family household size and composition.
Once determined to be eligible for the program, a child is eligible for one year unless a change in income causes the household to exceed 85% of the state’s median income. The Department requires that clients self-report such income changes. A written notice communicates the recipients’ reporting requirement and the specific dollar threshold applicable to the household’s annual income. Once the client’s income exceeds this cutoff level, the Department terminates services.
The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount.
Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the past 12 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2023-059, 2022-036, 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013–017 and 2012-30.
Description of Condition
The Department did not have adequate internal controls over eligibility requirements for child care services paid with the CCDF and TANF funds.
In response to the prior audit findings, the Department developed the following corrective action plan to address the internal control deficiencies:
• Conduct root cause analysis of internal audit findings, particularly for cases with errors due to household composition and approved activities, and develop appropriate corrective actions as needed
• Develop and deliver updated household composition training for all staff
• Improve and publish the desk aid outlining simplified eligibility determination process that includes procedures for those families who do not have an approved activity
The Department updated some policies and procedures for eligibility in February 2024 and management said they made more policies and procedures after the audit period. Department management also said they updated their child care household composition training after the audit period. Lastly, in April and May 2024, the Department made clarifying changes to its desk aid and updated its eligibility process flow.
While the Department partially implemented corrective actions, they did not encompass the entire audit period and some occurred after the audit period.
We consider these internal control deficiencies to be a significant deficiency.
Cause of Condition
In response to the prior audit findings, the Department developed a corrective action plan to address the internal control deficiencies. However, the Department did not fully implement the corrective action plan during the audit period.
Effect of Condition
By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible.
Recommendation
We recommend the Department improve its internal controls over determining client eligibility to ensure only eligible people receive benefits.
Department’s Response
During the fiscal year 2024 (FY24) audit period, the Department determined 36,413 families were eligible for child care. The State Auditor’s Office (SAO) selected samples and examined 61 of these determinations. In all instances, they found the Department properly made eligibility determinations before authorizing services.
The Department partners with the SAO to complete the annual Statewide Single Audit process. The Department has completed a corrective action plan each year. Due to the timelines of the Statewide Single Audit, the agency’s corrective action plan is filed with the Office of Financial Management in the following fiscal year which prohibits the completion of the corrective action plan prior to the start of the following fiscal year. The Department agrees with the auditor’s finding that the fiscal year 2023 (FY23) corrective action plan was not completed prior to the start of FY24. The Department completed the FY23 corrective action plan as scheduled and recognizes this partnership with the SAO has led to our second year in a row with $0 questioned costs and for FY24 no case exceptions.
The Department will continue to partner with the Administration for Children and Families (ACF) and follow our program integrity plan.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-056 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles
Known Questioned Cost Amount: $415,579,473
Prior Year Audit Finding: Yes, Finding 2023-058
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is responsible for establishing policies to ensure payments to providers for child care services are allowable. In fiscal year 2024, the Department spent more than $415 million on monthly child care subsidy payments to child care providers.
There are three child care provider types: licensed centers, licensed family homes and licensed exempt providers referred to as Family, Friends and Neighbor providers. The Department uses the Social Service Payment System (SSPS) to process the payments it makes to child care providers. The system allocates payments to various funding sources based on the client’s eligibility. These funding sources include multiple federal programs, multiple CCDF federal grant awards and state funding. The Department uploads the SSPS payment data into the state’s accounting system at a summary level based on the various funding sources. There is always a need to transfer the funding sources for some payments throughout the year to manage federal and state funds properly.
In prior audit periods up until fiscal year 2021, the Department prepared supporting documentation for transfers that included details of what payments it was transferring. The purpose of documenting this detail was to maintain proper support for federal expenditures.
The Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure payments to childcare providers were allowable and properly supported. We have reported this condition since 2005. The most recent audit finding numbers were 2023-058, 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the CCDF programs were allowable and properly supported.
In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in SSPS inaccurate and unreliable for testing. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments to child care providers for compliance with activities allowed and cost principles.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in SSPS and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures at the fund level more than once, making the underlying data increasingly unreliable with each transfer.
We consider these internal control deficiencies to be a material weakness that led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition and Questioned Costs
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department made it impossible for our Office to audit the federal dollars it used for payments to child care providers. Because we could not test transaction-level detail, we also could not determine whether the issues we identified in prior audits had improved or worsened, including the Department’s lack of adequate internal controls and significant rate of noncompliance for payments to child care providers.
The total amount of known child care payments the Department made with federal CCDF funds in the audit period was $415,579,473. The Department also partially funded these payments with an additional $208,098,727 in state dollars.
Because the Department did not comply with HHS requirements to allow for the tracing of grant expenditures to a payment level, we are questioning all $415,579,473 in federal program costs it incurred during the audit period. The payments the Department partially paid with state funds are not included in the federal questioned costs.
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Consult with the grantor to discuss whether it should repay the questioned costs identified in the audit
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 2, Definitions, includes the definition of improper payment.
45 CFR Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
45 CFR Part 75, section 403, Factors Affecting Allowability of Costs.
45 CFR Part 75, section 410, Collection of Unallowable Costs
45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-057 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Matching, Level of Effort, Earmarking
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-060
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Additionally, under the Temporary Assistance for Needy Families (TANF) program, the Department may transfer TANF funds to the CCDF, which are then treated as Discretionary Funds. The Department is instructed how to spend this federal money. For the Department to receive its allotted share of the Matching Fund, it must meet the Maintenance of Effort (MOE) requirement and match the federal Matching Fund claimed with state expenditures at the Federal Medical Assistance Percentage rate for the applicable fiscal year. The Department must also meet earmarking requirements for expenditures for administrative and quality activities.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements. Department staff run monthly and quarterly expenditure reports from the accounting system to track requirements over matching, level of effort and earmarking for each open grant award.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over matching, level of effort and earmarking requirements for the CCDF Cluster programs. The prior audit finding numbers were 2023-060, 2022-042, 2021-036, 2020-040 and 2019-037.
Description of Condition
The Department did not have adequate internal controls over and did not comply with matching, level of effort and earmarking requirements for the CCDF programs.
The Department’s accounting records should be used to verify it has met matching, level of effort and earmarking requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditure coding in the payment system inaccurate and unreliable for testing.
Without identifying which expenditures it transferred, the Department’s monitoring is insufficient for properly managing matching, level of effort and earmarking requirements. Our Office could not rely on the data supporting the Department’s expenditures or verify that the accounting records were accurate. As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with matching, level of effort and earmarking requirements.
By processing these adjustments at the fund level, the Department invalidated the transaction-level documentation of the original child care expenditure in the payment system and did not identify the new allocation at the payment level. Additionally, the Department transferred some of these child care expenditures more than once at the fund level, making the underlying data increasingly unreliable with each transfer. This condition is also referenced in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it had met matching, level of effort and earmarking requirements.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop effective ongoing monitoring procedures
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-058 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Period of Performance
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-061
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
Each federal grant specifies a performance period during which recipients must obligate and liquidate program costs. These periods typically align with the federal fiscal year of October 1 through September 30. Payments for costs charged before a grant’s beginning date or after the ending date are not allowed without the grantor’s prior approval.
The CCDF consists of three distinct funding sources: Discretionary Fund, Mandatory Fund, and Matching Fund. Each of these funds has specific period of performance requirements established in federal regulation (45 CFR § 98.60(d)). Recipients must obligate:
• Discretionary funds by the end of the succeeding fiscal year after award and must expend them by the end of the third fiscal year after award
• Mandatory funds by the end of the fiscal year in which they are awarded if the state also requests matching funds. If the state does not request matching funds for the fiscal year, then the Mandatory Funds are available until liquidated.
• Matching funds by the end of the fiscal year in which they are awarded and must liquidate them by the end of the succeeding fiscal year after award
During the audit period, the Department also received supplemental funds under the Coronavirus Aid, Relief, and Economic Security and the Coronavirus Response and Relief Supplemental Appropriations Acts. These funds are treated as Discretionary Funds, however, they have their own specific obligation and liquidation timeframes.
The U.S. Department of Health and Human Services (HHS), which oversees the CCDF at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over period of performance requirements for the CCDF program. The prior finding numbers were 2023-061, 2022-043, 2021-037 and 2020-041.
Description of Condition
The Department did not have adequate internal controls over and did not comply with period of performance requirements for the CCDF program.
Our Office uses the Department’s accounting records to verify it has met the period of performance requirements. In fiscal year 2021, management informed us that the Department changed its grant management practices to process expenditure transfers at the grant level. This new process made the original expenditures coded in the payment system inaccurate and unreliable for audit testing.
As a result, we could not trace the federal funds to a level of expenditure adequate to establish whether the Department spent CCDF funds in accordance with federal and state regulations. Further, this meant we could not test the Department’s payments for compliance with period of performance requirements. We also referenced this condition in audit finding 2024 -056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes with federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
The Department implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported the adjustments. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to determine if it materially met the period of performance requirements. Furthermore, without adequate internal controls in place, the Department is at a higher risk of making improper payments with grant funds.
Recommendations
We recommend the Department:
• Design and implement internal controls to ensure transaction-level data is sufficient to comply with federal law and state rules
• Develop written policies and procedures over federal period of performance requirements
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.60 – Availability of funds, states in part:
(d) The following obligation and liquidation provisions apply to States and Territories:
(1) Discretionary Fund allotments shall be obligated in the fiscal year in which funds are awarded or in the succeeding fiscal year. Unliquidated obligations as of the end of the succeeding fiscal year shall be liquidated within one year.
(2)
(i) Mandatory Funds for States requesting Matching Funds per § 98.55 shall be obligated in the fiscal year in which the funds are granted and are available until expended.
(ii)Mandatory Funds for States that do not request Matching Funds are available until expended.
(4) Both the Federal and non-Federal share of the Matching Fund shall be obligated in the fiscal year in which the funds are granted and liquidated no later than the end of the succeeding fiscal year.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracing of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-059 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant
93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2024WACCDD
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-062
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grants to help eligible working families pay for child care and fund improvements to child care quality. In fiscal year 2024, the Department spent about $483.5 million in federal funding.
The Department is required to submit a quarterly ACF-696 financial report for each open grant. These reports contain information on expenditures for three CCDF funding sources: the Mandatory Fund, the Matching Fund, and the Discretionary Fund. The Department uses CCDF expenditures recorded in the state’s accounting system to compile and support the ACF-696 report.
The U.S. Department of Health and Human Services (HHS), which oversees the CCF program at the federal level, requires recipients to have accounting procedures that are sufficient for tracing grants to a level of expenditure adequate to show that they have used them in accordance with program requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Department did not have adequate internal controls over financial reporting requirements for the CCDF program. The prior finding numbers were 2023-062, 2022-044 and 2021-038.
Description of Condition
The Department did not have adequate internal controls over and did not comply with financial reporting requirements for the CCDF program.
The Department’s accounting records must provide and support the financial information reported on ACF-696 reports. During the audit period, the Department’s grant management practice was to process expenditure transfers at the fund level without identifying which expenditures it transferred. Therefore, we could not rely on the data supporting the Department’s reported ACF-696 expenditures, and could not test whether the reports were accurate and complete. We also referenced this condition in audit finding 2024-056.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department is required to maintain sufficient documentation for each payment it makes using federal dollars. The Department’s accounting practices prevent it from meeting this requirement.
In fiscal year 2021, the Department informed our Office that it had implemented what management referred to as fund-level accounting. This consisted of making significant accounting adjustments between funding sources in its general ledger without identifying the underlying transactions in the payment system that supported them. This affected all populations of child care expenditures for every month of the fiscal year. HHS officials informed the Department that these accounting practices do not comply with federal law, but management said they believe they are compliant.
Effect of Condition
By not complying with federal law requirements to maintain adequate supporting documentation for expenditures, the Department created a condition that made it impossible for our Office to audit the CCDF program expenditures reported on the ACF-696 financial report.
Recommendation
We recommend the Department design and implement internal controls to ensure the ACF-696 report is supported with transaction-level data that is sufficient to comply with federal law and state rules.
Department’s Response
The Department has managed the CCDF program since 2019, prior to that it was managed by the Department of Social and Health Services and the Department of Early Learning. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grants to eligible clients and allowable activities in compliance with 45 CFR 98.67.
This process consists of making grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements. The Department’s grant adjustments were processed based on eligible clients and allowable activities and did not include child-level data as required by SAO.
The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states:
“the ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.”
In addition, ACF did not sustain the disallowance of questioned costs and stated:
“Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
The ACF recommended,
“that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.”
The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. During the audit period, the Department did not have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance as identified by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget.
The enacted 2024 supplemental budget included funding to implement the Department’s budget request for funding beginning in state fiscal year 2025 and specified:
“Funding in this subsection must be expended with internal controls that provide child-level detail for all transactions, beginning July 1, 2024”
Upon receiving funding, the Department is working with a developer to assist with building out the required databases between the Social Service Payment System (SSPS) and the Agency Financial Reporting System (AFRS) to allow transfers between fundings sources to include the child-level data related to the expenditures. The Department looks forward to working with SAO to resolve the child-level data concerns and move forward with auditing the CCDF grant programs.
Auditor’s Remarks
The level of documentation needed to support grant expenditures is not established by our Office, but in title 45 of the U.S. Code of Federal Regulations and the state’s grant award. During the February 2022 meeting with HHS that the Department referenced in its response, the grantor stated the specific federal law the Department’s accounting procedures were noncompliant with was 45 CFR 98.67.
We agree with the HHS management decision that our references to 2 CFR 200.53, 200.303, 200.403 and 200.410 in the 2021 finding were not correct. However, HHS adopted these same requirements in 45 CFR 75.2, 75.303, 75.403 and 75.410, respectfully. These requirements were all in place during the audit period. The proper references were included in the prior year finding and are included in this finding as well.
Without adequate transactional level payment data, our Office is unable to perform tests to verify the Department met these requirements. In addition, we also are unable to verify whether the Department complied with matching, level of effort and earmarking requirements, or that required financial information reported to the federal government was accurate. These matters are referenced in separate findings in our report.
In its response, the Department references a management decision letter issued October 3, 2023. The finding was partially sustained because the questioned costs identified in the audit would not be disallowed. The management decision states:
“The ACF partially sustains the finding and recommendation. The ACF agrees with the auditor that the Department should strengthen internal controls to ensure payments to child care providers are allowable and properly supported.”
“The ACF does not sustain a disallowance for the questioned costs in the amount of $271,353,409 representing the entire amount of the CCDF grant award. Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.”
We are not aware of what procedures ACF performed to conclude expenditures reported by the Department for fiscal year 2024 were spent only for allowable activities, were for allowable costs and met federal cost principles. We questioned all expenditures because, in our judgment, they were unauditable.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR, Section 98.67 – Fiscal requirements, states:
(a) Lead Agencies shall expend and account for CCDF funds in accordance with their own laws and procedures for expending and accounting for their own funds.
(b) Unless otherwise specified in this part, contracts that entail the expenditure of CCDF funds shall comply with the laws and procedures generally applicable to expenditures by the contracting agency of its own funds.
(c) Fiscal control and accounting procedures shall be sufficient to permit:
(1) Preparation of reports required by the Secretary under this subpart and under subpart H; and
(2) The tracking of funds to a level of expenditure adequate to establish that such funds have not been used in violation of the provisions of this part.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-060 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with health and safety requirements for the Child Care and Development Fund program.
Assistance Listing Number and Title: 93.575 Child Care and Development Block Grant 93.575 COVID-19 Child Care and Development Block Grant
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2103WACCDF; 2103WACCDD; 2303WACCDF; 2303WACCDD; 2403WACCDM; 2403WACCDD; 2103WACDC6; 2103WACSC6; 2103WACCC5
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Health and Safety Requirements
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-064
Background
The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2024, the Department spent about $483.5 million in CCDF federal funding.
The Department oversees two types of providers: licensed providers and license-exempt Family, Friend, and Neighbor (FFN) providers. The Department is responsible for ensuring all these providers meet health and safety standards. The monitoring activity varies for licensed and FFN providers.
The Department has an approved CCDF State Plan for federal fiscal year 2022–2024 that outlines how it will meet the health and safety requirements for licensed and FFN providers.
Licensed providers
Department licensors conduct annual monitoring visits of licensed providers. During visits, they use a monitoring checklist to verify whether providers have met required health and safety standards. The licensors use the WA Compass system to document their activities. The system allows licensing staff to monitor the completion of visits, make timely updates and streamline their processes.
When licensors identify health and safety violations during a monitoring visit, they document them on an inspection report. The inspection report contains the areas of provider noncompliance and establishes deadlines for correcting them. The Department is required to conduct timely follow-up visits on noncompliance issues to ensure providers correct them. Depending on the severity of the noncompliance, the Department has five, 10 or 15 business days to verify the noncompliance has been corrected.
FFN providers
Washington’s CCDF State Plan and a state rule (WAC 110-16-0025) require nonrelative FFN providers to complete health and safety training within 90 days of their subsidy payment begin date. They also must complete ongoing health and safety training. The Department conducts an annual health and safety visit to ensure providers are following health and safety rules.
The Department adopted a rule (WAC 110-16-0030) that states it must conduct annual technical assistance visits for nonrelative FFN providers within a year of subsidy approval. During these visits, an FFN specialist reviews health and safety requirements and reminds the provider of the ongoing training requirements.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the nine prior audits, we reported that the Department did not have adequate internal controls over and did not comply with health and safety requirements. The previous finding numbers were 2023-064, 2022-045, 2021-039, 2020-042, 2019-039, 2018-035, 2017-025, 2016-022, and 2015-024.
Description of Condition
The Department did not have adequate internal controls over and did not comply with health and safety requirements for the CCDF program.
Licensed provider annual monitoring and noncompliance follow-ups
We used a statistical sampling method to randomly select 59 out of a total population of 6,416 licensed providers. We examined this sample of licensed providers to determine if they received an annual monitoring visit and that the Department performed timely, appropriate follow-ups when they found noncompliance issues. We identified 16 instances (27%) in which the licensor did not conduct the appropriate follow-up visit on noncompliance issues within the required time frame.
Nonrelative FFN provider ongoing training and annual technical visits
The Department asserted that it uses the FFN Household CCDF Monitoring Report in WA Compass to determine if the FFN meets all training requirements. After reviewing this report, we determined that while the report contains information on current training requirements, it does not contain information for training that has already occurred during the audit period.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Licensed provider annual monitoring and noncompliance follow-ups
Department officials said the agency did not conduct 16 of the 59 monitoring follow-up visits within the required timeframe that we reviewed because it was unable to maintain the necessary level of staffing. Additionally, management did not ensure monitoring follow-up visits on identified noncompliance occurred, as the CCDF program requires.
Nonrelative FFN provider ongoing training and technical visits
Department staff remove FFNs from the personal tracking spreadsheets once training is completed, and the information is not maintained in the WA Compass system, which prevented our Office from fully auditing the Department’s monitoring activities during the audit period for ensuring that training requirements for FFNs were completed timely.
Effect of Condition
Licensed provider annual monitoring and noncompliance follow-ups
By not following up on noncompliance in a timely manner, the Department did not have assurance that providers met health and safety requirements, which can put children in jeopardy of harm, neglect and unhealthy environments.
Nonrelative FFN provider ongoing training and technical visits
By not retaining documentation of monitoring activities, the Department could not demonstrate that it was performing monitoring.
Recommendation
We recommend the Department:
• Strengthen internal controls to ensure it sufficiently monitors all health and safety requirements
• Ensure management follows established policies and procedures to ensure licensors complete all monitoring visits and conduct thorough, timely follow-ups on any identified noncompliance issues
• Improve documentation of internal controls to support that it performed monitoring activities during the audit period
Department’s Response
The Department is strongly committed to ensuring the health, safety, and well-being of all children in care. As to the State Auditor’s Office (SAO) specific findings, the Department partially concurs and offers the following detail:
Licensed provider annual monitoring and noncompliance follow-ups
The Department concurs that follow up visits were not completed timely for the cases identified by SAO. Given the Department’s limited staffing resources and high volume of providers, the Department was unable to complete all follow up visits within the timelines required. During state fiscal year 2024 the Department took the following actions to strengthen internal controls and increase recruitment of licensing staff:
• Developed and implemented a monitoring recheck tool in the WA Compass system assist with tracking and monitoring requirements are completed prior to cases being marked complete within the system.
• Created the option to document on the monitoring checklist when a non-compliance item is Corrected On-site during the monitoring visit.
• Created a new unit of licensing staff in King County to assist with caseload increases in the fastest growing provider area in Washington.
• Established new licensing staff positions to create a pathway for advancement to assist with staff recruitment efforts.
• Implemented new recruitment and training plans for child care licensors. Recruited and trained licensors were able to complete monitoring visits at the same rate as experienced licensing staff.
During state fiscal year 2024 the Department completed 100% of on-site monitoring visits. Of the cases identified by SAO, the average follow up visit is delayed by 11 business days. Although the follow up visits were not completed within the timelines required, 100% of the follow up visits occurred. The Department is focused on strengthening internal controls around all health and safety requirements and is confident that corrective actions taken will improve this area moving forward.. As part of its quality improvement initiative, the Department has implemented data-driven decisions to assist providers and their staff to meet health and safety requirements and prioritized monitoring visits to come back into compliance.
Nonrelative FFN provider ongoing training and technical visits
The Department partially concurs with the audit finding. The State Auditor’s Office (SAO) selected samples and examined 44 nonrelative providers that received child care payments during the audit period. In all instances, SAO found no issues of noncompliance or exceptions, all providers had their required trainings and technical visits as outlined in the Departments applicable health and safety WACs.
The MERIT system and the WA Compass system are monitored by staff to ensure providers comply with health and safety requirements. The current WA Compass reports are real-time dashboards to assist staff with determining requirements that are due within 30, 60, 90 days. MERIT is the system of record for individual providers training requirements. Staff perform monitoring activities outlined in the reports to verify compliance, to include checking training completion dates in MERIT and updating WA Compass with the information. Once requirements are met in WA Compass the completed tasks are no longer reflected on the dashboard. The SAO maintained that the program is not auditable without the historical data showing compliance due dates to document monitoring activities including training requirements.
The Department is committed to collaborating with SAO to determine an appropriate methodology that identify a sampling unit that can be used to accurately test internal controls around monitoring activities. Staff will continue to track and monitor FFN health and safety requirements with available tools and determine how to retain documentation to demonstrate this compliance for SAO.
Auditor’s Remarks
Regarding Nonrelative FFN provider ongoing training and technical visits, we selected and tested ongoing training and technical visits for 13 nonrelative FFN providers.
Because the Department's FFN Household CCDF Monitoring Report only contains information on current training requirements, and the Department could not provide other support for its monitoring control activities, we could not determine if monitoring occurred during the audit period.
We appreciate the Department’s commitment to improve its monitoring and compliance with health and safety requirements. We reaffirm our finding and will follow up on the status of the Department's corrective action during our next audit.
Applicable Laws and Regulations
45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 98.41, Health and safety requirements, states:
a. Each Lead Agency shall certify that there are in effect, within the State (or other area served by the Lead Agency), under State, local or tribal law, requirements (appropriate to provider setting and age of children served) that are designed, implemented, and enforced to protect the health and safety of children. Such requirements, which are subject to monitoring pursuant to § 98.42, shall:
1. Include health and safety topics consisting of, at a minimum:
i. The prevention and control of infectious diseases (including immunizations); with respect to immunizations, the following provisions apply:
A. As part of their health and safety provisions in this area, Lead Agencies shall assure that children receiving services under the CCDF are age-appropriately immunized. Those health and safety provisions shall incorporate (by reference or otherwise) the latest recommendation for childhood immunizations of the respective State, territorial, or tribal public health agency.
B. Notwithstanding this paragraph (a)(1)(i), Lead Agencies may exempt:
1. Children who are cared for by relatives (defined as grandparents, great grandparents, siblings (if living in a separate residence), aunts, and uncles), provided there are no other unrelated children who are cared for in the same setting.
2. Children who receive care in their own homes, provided there are no other unrelated children who are cared for in the home.
3. Children whose parents object to immunization on religious grounds.
4. Children whose medical condition contraindicates immunization.
C. Lead Agencies shall establish a grace period that allows children experiencing homelessness and children in foster care to receive services under this part while providing their families (including foster families) a reasonable time to take any necessary action to comply with immunization and other health and safety requirements.
1. The length of such grace period shall be established in consultation with the State, Territorial or Tribal health agency.
2. Any payment for such child during the grace period shall not be considered an error or improper payment under subpart K of this part.
3. The Lead Agency may also, at its option, establish grace periods for other children who are not experiencing homelessness or in foster care.
4. Lead Agencies must coordinate with licensing agencies and other relevant State, Territorial, Tribal, and local agencies to provide referrals and support to help families of children receiving services during a grace period comply with immunization and other health and safety requirements;
ii. Prevention of sudden infant death syndrome and use of safe sleeping practices;
iii. Administration of medication, consistent with standards for parental consent;
iv. Prevention and response to emergencies due to food and allergic reactions;
v. and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
vi. Prevention of shaken baby syndrome, abusive head trauma, and child maltreatment;
vii. Emergency preparedness and response planning for emergencies resulting from a natural disaster, or a man- caused event (such as violence at a child care facility), within the meaning of those terms under section 602(a)(1) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5195a(a)(1)) that shall include procedures for evacuation, relocation, shelter-in-place and lock down, staff and volunteer emergency preparedness training and practice drills, communication and reunification with families, continuity of operations, and accommodation of infants and toddlers, children with disabilities, and children with chronic medical conditions;
viii. Handling and storage of hazardous materials and the appropriate disposal of biocontaminants;
ix. Appropriate precautions in transporting children, if applicable;
x. Pediatric first aid and cardiopulmonary resuscitation;
xi. Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph Pediatric first aid and cardiopulmonary resuscitation; (xi) Recognition and reporting of child abuse and neglect, in accordance with the requirement in paragraph(e) of this section; and
xii. May include requirements relating to:
A. Nutrition (including age-appropriate feeding);
B. Access to physical activity;
C. Caring for children with special needs; or
D. Any other subject area determined by the Lead Agency to be necessary to promote child development or to protect children’s health and safety.
2. Include minimum health and safety training on the topics above, as described in § 98.44.
b. Lead Agencies may not set health and safety standards and requirements other than those required in paragraph (a) of this section that are inconsistent with the parental choice safeguards in § 98.30(f).
c. The requirements in paragraph (a) of this section shall apply to all providers of child care services for which assistance is provided under this part, within the area served by the Lead Agency, except the relatives specified at §98.42(c).
d. Lead Agencies shall describe in the Plan standards for child care services for which assistance is provided under this part, appropriate to strengthening the adult and child relationship in the type of child care setting involved, to provide for the safety and developmental needs of the children served, that address:
1. Group size limits for specific age populations;
2. The appropriate ratio between the number of children and the number of caregivers, in terms of age of children in child care; and
3. Required qualifications for caregivers in child care settings as described at §98.44(a)(4).
e. Lead Agencies shall certify that caregivers, teachers, and directors of child care providers within the State or service area will comply with the State’s, Territory’s, or Tribe’s child abuse reporting requirements as required by section 106(b)(2)(B)(i) of the Child Abuse and Prevention and Treatment Act (42 U.S.C. 5106a(b)(2)(B)(i)) or other child abuse reporting procedures and laws in the service area.
Washington Administrative Code (WAC) 110-16-0025 Health and safety training:
1. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete the following training within ninety calendar days of the subsidy payment begin date:
a. Infant, child, and adult first aid and cardiopulmonary resuscitation (CPR):
i. This training must be taken in person and the provider must demonstrate learned skills to the instructor.
ii. The instructor must be certified by the American Red Cross, American Heart Association, American Safety and Health Institute, or other nationally recognized certification program.
b. Prevention of sudden infant death syndrome and safe sleep practices when caring for infants; and
c. Department approved health and safety training which includes the following topic areas:
i. Prevention and control of infectious diseases;
ii. Administration of medication;
iii. Prevention of, and response to, emergencies due to food and allergic reactions;
iv. Building and physical premises safety, including identification of and protection from hazards, bodies of water, and vehicular traffic;
v. Prevention of shaken baby syndrome, abuse head trauma, and child maltreatment;
vi. Emergency preparedness and response planning for natural disasters and human-caused events;
vii. Handling and storage of hazardous materials and the appropriate disposal of bio contaminants;
viii. Appropriate precautions in transporting children;
ix. Recognition and reporting of child abuse and neglect, including the prevention of child abuse and neglect as defined in RCW 26.44.020 and mandatory reporting requirements under RCW 26.44.030; and
x. Other topic areas as determined by the department.
2. A provider described in WAC 110-16-0015 (4)(b) or (c) can meet the health and safety training in subsection (1)(c) of this section if the department verifies that the provider has completed any of the following either prior to or within ninety calendar days of the subsidy payment begin date:
a. Child care basics, a department approved thirty-hour health and safety training.
b. Washington state early childhood education initial certificate (twelve credits) that includes early childhood education and development 105 health, safety, and nutrition.
3. A provider described in WAC 110-16-0015 (4)(b) or (c) must complete a minimum of two hours of health and safety training annually, using the subsidy payment begin date. The training must include, but is not limited to, one or more of the following:
a. Prevention and control of infectious diseases;
b. Emergency preparedness and response planning for natural disasters and human-caused events;
c. Recognizing and prevention of shaken baby syndrome, head trauma abuse, neglect, and child maltreatment; and
d. Prevention of sudden infant death syndrome and safe sleep practices, if caring for an infant or toddler.
WAC 110-16-0030 Health and safety activities:
1. A provider described in WAC 110-16-0015 (4)(b) or (c), must participate in an annual, scheduled visit conducted by department staff in the home where care is provided.
2. The purpose of the visit is to:
a. Provide technical assistance to the provider regarding the health and safety requirements described in this chapter;
b. Observe the provider’s interactions with the child, and discuss health and safety practices;
c. Provide written information and local resources about child development to include the major domains of cognitive, social, emotional, physical development, and approaches to learning; and
d. Provide regional contact information for FFN child care services and resources.
3. A provider will be considered out of compliance with the requirements of this chapter if, after three attempts, the department is not able to complete an annual, scheduled visit in the home where care is provided.
4. At the annual, scheduled visit, the provider must show, unless previously provided to the department:
a. Proof of identity;
b. Proof of current certification for first aid and cardiopulmonary resuscitation (CPR) in the form of a card, certificate, or instructor letter;
c. Proof of vaccination against or acquired immunity for vaccine-preventable diseases for all children in care, if the provider’s children are on-site at any time with the eligible children. Proof can include:
i. A current and complete department of health (DOH) certificate of immunization status (CIS) or certificate of exemption (COE) or other DOH approved form; or
ii. A current immunization record from the Washington state immunization information system (WA IIS).
d. Written permission from the parent to:
i. Allow children to use a swimming pool;
ii. Administer medication for treatment of illnesses and allergies of the children in care;
iii. Provide for and accommodate developmental and special needs; and
iv. Provide transportation for care, activities, and school when applicable.
e. The written emergency preparedness and response plan required in WAC 110-16-0035(8)(c).
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-074 The Health Care Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Managed Care Financial Audit
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-073
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
Managed Care Organizations (MCOs) contract with the Authority under a comprehensive risk contract to provide prepaid health care services to eligible enrollees under their managed care programs. In fiscal year 2024, the Authority contracted with five MCOs and paid them more than $9.2 billion for Medicaid and CHIP services.
Under federal regulations, contracts between states and MCOs must include a requirement that MCOs annually submit an audited financial report to the state. MCOs must have these audits conducted in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS).
At least once every three years, the Authority must conduct or contract for an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data each MCO submits. The Authority must also post these audit results on its website. These requirements are effective for contract years starting after July 1, 2017. The Authority’s contracts with the MCOs began in January 2018, making the first audits required to be completed by December 2020.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements. The prior finding numbers were 2023-073, 2022-054 and 2021-048.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with managed care financial audit requirements.
Audited financial reports
During the audit period, the Authority’s MCO contract language included the option for MCOs to submit audited financial reports in accordance with statutory accounting principles (SAP), which is not an acceptable accounting method under federal regulations. As a result, the Authority accepted audited financial reports in accordance with SAP from all five MCOs.
Periodic audits
The Authority did not establish consistent internal controls to ensure it complied with the periodic audit requirements of MCO encounter and financial data. The Authority confirmed that its internal control included holding weekly meetings designed to keep the required audits on track for on-time completion. We used a nonstatistical sampling method to randomly select and examine 11 of 52 weekly meeting agendas during the audit period and found three instances in which the meetings did not occur, resulting in a 27.3% control failure rate.
While the Authority was in material compliance with this requirement during the audit period, it was required to complete the first financial data audits by December 2020. Therefore, the audits were 41 months late.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
Audited financial reports
Authority officials said the Authority allowed MCOs to submit audited financial reports in accordance with SAP so the reports would be consistent with the Washington State Office of the Insurance Commissioner. The Office of the Insurance Commissioner considers SAP an acceptable accounting method for determining and reporting the financial condition and the results of operations of an insurance company and determining its solvency under Washington insurance law. However, this accounting method does not comply with the federal requirements.
Periodic audits
Authority officials initially confirmed that they had adequate controls in place throughout the audit period. However, after we selected our sample for control testing, Authority officials said they did not establish the control until October 2023. All exceptions we found in our testing were within the months where the control had not yet been in place. We did not note any exceptions in our sample for months within the period following its implementation.
Effect of Condition
Audited financial reports
When it does not collect proper, audited financial reports, the Authority increases its risk of relying on inaccurate or incomplete information.
Periodic audits
When it does not establish consistent internal controls, the Authority increases its risk of material noncompliance by not completing the required audits of encounter data and financial data.
These risks could lead to an increased risk of making improper payments and reduced public transparency. The Authority could also be subject to sanction by the federal grantor for not meeting Medicaid and CHIP requirements.
Recommendation
We recommend the Authority:
• Implement policies and procedures over obtaining properly audited financial reports
• Update MCO contracts to require audits of financial statements that are conducted in accordance with GAAP and GAAS
• Establish consistent processes to conduct and fully complete audits of encounter data and financial data at least once every three years
Authority’s Response
Audited financial reports
The Authority partially concurs. The Authority accepted financial statements prepared in accordance with SAP during the fiscal year but also implemented contract changes as described in the corrective action plan from the SFY23 finding. As previously communicated to the auditor, the contract amendment process takes several months to complete. Contract language reflects the requirement for MCOs to provide the required financial audits in accordance with generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS) was initiated and will be reflected in the MCO contracts effective January 1, 2025.
Periodic audits
The Authority partially concurs. The Authority was in material compliance during the period under review but concurs that the initial Financial Audit was completed after December 2020. Moving forward, the Authority has controls in place to ensure periodic audits are completed within the required timelines.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 438, Managed Care, establishes the following applicable requirements:
Section 438.3 Standard Contract Requirements states in part:
(m) Audited financial reports. The contract must require MCOs, PIHPs, and PAHPs to submit audited financial reports specific to the Medicaid contract on an annual basis. The audit must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards.
Section 438.600 Statutory basis, basic rule, and applicability states in part:
(c) Applicability. States will not be held out of compliance with the following requirements of this subpart prior to the dates noted below so long as they comply with the corresponding standard(s) in 42 CFR part 438 contained in the CFR, parts 430 to 481, edition revised as of October 1, 2015:
(1) States must comply with §438.602(a), 438.602(c) through (h), 438.604, 438.606, 438.608(a), and 438.608(c) and (d), no later than the rating period for contracts starting on or after July 1, 2017.
(2) States must comply with §438.602(b) and § 438.608(b) no later than the rating period for contracts beginning on or after July 1, 2018.
Section 438.602 State responsibilities states in part:
(e) Periodic audits. The State must periodically, but no less frequently than once every 3 years, conduct, or contract for the conduct of, an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each MCO, PIHP or PAHP.
(g) Transparency. The State must post on its Web site, as required in §438.10(c)(3), the following documents and reports:
(1) The MCO, PIHP, PAHP, or PCCM entity contract.
(2) The data at §438.604(a)(5).
(3) The name and title of individuals included in §438.604(a)(6).
(4) The results of any audits under paragraph (e) of this section.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-075 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children’s Health Insurance Program.
Assistance Listing Number and Title: 93.767 Children’s Health Insurance Program
93.767 COVID-19 Children’s Health
Insurance Program
93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM; 2205WA5021; 2305WA3002; 2305WA5021; 2405WA5021
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions – Provider Eligibility (Screening and Enrollment)
Known Questioned Cost Amount: $3,844,961
Prior Year Audit Finding: Yes, Finding 2023-074
Background
The Health Care Authority administers both Medicaid and the Children’s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. CHIP provides health coverage for about 112,000 children and pregnant people whose families’ incomes are too high to qualify for Medicaid. During fiscal year 2024, the Medicaid program spent over $20.6 billion in federal and state funds and CHIP spent nearly $179.7 million in federal and state funds.
The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 140,000 participating providers in fiscal year 2024. During that time, the Authority paid more than $12.7 billion to providers for direct client services under the programs.
The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal Regulations require that the state Medicaid agency determine the exclusion status of providers through the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities, the System for Award Management, and any other databases as the State or Secretary may prescribe. All providers in a Medicaid program must have a valid National Provider Indicator (NPI) provided through the NPPES system before enrollment. Without passing these database checks, providers cannot be enrolled in Medicaid.
The state Medicaid agency must also revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that sends a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider.
During the fiscal year 2021 audit, our Office reported in finding 2021-047 that there was a problem with the automated revalidation notifications. Specifically, the notices were being sent to providers after the five-year deadline had passed. In December of 2023, the Authority reported that the issue was resolved, and that revalidation notices were going out 150 days before the revalidation due date. If the provider revalidation is not completed, the Authority’s Medicaid system (Provider One) is set to automatically deactivate the provider so that payments cannot be processed.
The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the providers’ screening risk level. A provider can be designated as one of three risk levels: limited, moderate, or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types:
• Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination
• Conduct license verifications, including for licenses in states other than where the provider is enrolling
• Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the NPPES, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File Index
If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018.
The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims
To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments.
In response to the COVID-19 pandemic, the Authority obtained flexibility under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider application, as well as the postponement of all revalidation actions until the end of the emergency declaration which ended in March 2023 for the Medicaid and CHIP programs.
Also, in response to the COVID-19 pandemic, the Authority’s Chief Medical Officer approved a blanket waiver for the backdating of all provider’s effective dates, which was allowed by CMS and Washington Administrative Code. This waiver allows all providers to submit claims for services provided before their enrollment and revalidation applications are approved. This waiver is still in effect.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2023-074, 2022-055, 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs.
During the audit period, the Authority processed 12,073 new provider enrollments and was required to perform ongoing eligibility determinations for 125,615 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found eight instances (7%) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found:
• Staff enrolled two new providers and did not terminate three active providers without either having a valid CPA on file or being affiliated with a billing provider who has a valid CPA on file. Because the providers were not covered by a valid CPA, they were improperly enrolled and not eligible to provide services.
• Staff did not complete a full enrollment screening prior to approval for two new providers.
• Staff did not close the ProviderOne domain for a provider who was listed as deceased on June 4th, 2017, in the automated provider screening system.
The procedures for sending revalidation notifications to providers changed on December 8, 2023. After this date, the Authority sent revalidation notifications 150 days prior to the deadline. During the audit period, we identified 816 providers who received a revalidation notification prior to 12/8/2023 and 1,836 providers who received a revalidation notification after this date. We used a statistical sampling method to randomly select and examine 57 pre-12/8/2023 revalidations and 58 post-12/8/2023 revalidations to determine if the Authority appropriately screened the providers prior to approval or if providers were deactivated by the deadline. Of the 115 providers examined, we found 95 instances (83%) when the Authority did not take sufficient action to ensure providers were either appropriately revalidated or deactivated by the revalidation deadline. Specifically, we found:
Pre-12/8/2023 Notifications
• Staff revalidated 48 providers; however, revalidation occurred after the deadline
• Seven providers were not revalidated or deactivated by the revalidation deadline
Post-12/8/2023 Notifications
• 10 providers were revalidated after the revalidation deadline
• 30 providers were not revalidated or deactivated by the revalidation deadline
Federal regulations and a state rule require providers identified as high risk receive fingerprint based criminal background checks upon enrollment or revalidation. The Authority stated that they are not currently performing background checks for high-risk providers and are developing resources and procedures to fulfil this requirement in the future.
We consider these internal control deficiencies to be a material weakness which led to material noncompliance.
Cause of Condition
Although the Authority has established processes to screen and enroll providers, they were ineffective to prevent or detect noncompliance. Management also did not ensure staff consistently followed the procedures in place.
Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that prior to December 8, 2023, the Authority’s automated system was designed to notify providers of their revalidations one day after the due date. We formally notified the Authority of this weakness in the automated system during the fiscal year 2021, 2022, and 2023 audits. Our audit also found that after the automated revalidation system was corrected by the Authority, it did not automatically deactivate providers to prevent claims from being processed.
Management did not ensure adequate internal controls were established to comply with requirements that high-risk providers receive fingerprint-based background checks.
Effect of Condition and Questioned Costs
By not complying with federal fingerprint-based background checks for high-risk providers, the Authority risks the health and safety of Medicaid clients and is at a higher risk of not detecting when medical providers are ineligible to provide services or be paid with Medicaid funds.
By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments.
Provider Category Known Questioned Costs
(state and federal) Known Questioned Costs (federal portion only) Likely Questioned Costs (state and federal) Likely Questioned Costs (federal portion only)
Revalidated Providers Pre 12/8/2023 (Old Process) $568,101 $277,570 $8,132,819 $3,973,630
Revalidated Providers Post 12/8/2023 (New Process) $342,094 $247,045 $10,829,055 $7,820,246
Total $910,195 $524,615 $18,961,874 $11,793,876
During revalidation testing for nursing facilities that submitted social service claims, we found that medical claims had also been submitted during fiscal year 2024. We checked the licensing of these facilities to ensure that they were eligible to bill Medicaid for medical services. We determined that three nursing facilities were not revalidated as required and were not prevented from submitting unallowable medical claims to Medicaid. We identified $6,463,577 in questioned costs, with the federal portion being $3,320,346.
Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with 95% confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our “best estimate of total questioned costs” as required by 45 CFR 75.516(3).
We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures.
Recommendation
We recommend the Authority:
• Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services
• Implement internal controls designed to bring it into material compliance with the provider revalidation process
• Implement procedures to ensure high risk providers receive required fingerprint-based background checks
Authority’s Response
The Authority partially concurs with the finding.
For the period of July 1, 2023 through December 8, 2023, the Authority concurs that 48 providers were revalidated after the deadline, and that seven providers were not revalidated or deactivated by the revalidation deadline. On December 8, 2023, the Authority implemented a system change to send revalidation notices 150 days ahead of the deadline.
For the period of December 9, 2023, through June 30, 2024, the Authority concurs with the auditor’s testing.
The Authority concurs that one provider was not terminated after the provider was deceased, and that one active provider was not correctly terminated due to an incomplete revalidation, described by the auditors as not having a valid CPA on file.
The Authority does not concur with the auditor’s assertion that two providers did not have a valid CPA on file. The two providers had valid CPAs on file, which do not expire under state or federal law. Washington Administrative Code (WAC) requires only that providers have a CPA on file. There is no violation of federal regulations or WAC to revalidate without collecting a new signed CPA.
The Authority does not concur that two new providers were enrolled without completion of a full enrollment screening. The providers were screened by staff as documented on the enrollment checklist on the same day the enrollment was approved.
Finally, regarding the nursing facility revalidation issue, as Washington’s Medicaid agency, we operate cooperatively under a written agreement with the Department of Social and Health Services (Department) who carry out nursing facility licensing and revalidations. The Department responded with the following regarding the revalidations:
“The Department partially agrees with the finding.
We agree five providers did not have Medicaid Provider Disclosure Statement (MPDS) forms.
We do not concur with the known questioned cost amount. While the MPDS forms are a requirement for the Centers for Medicare and Medicaid Services, services were provided to clients and the nursing facilities had valid contracts and active licenses.
Effective May 2024, the Nursing Facility Revalidation Process was updated to state that the Facilities Contract Specialist would review the NF revalidation monitoring spreadsheet monthly and revalidation paperwork sent one year in advance of the due date to ensure revalidation is done ahead of the 5-year period. In addition, the Department will be consulting with the Authority to determine if it is possible to automate revalidation notices.
Department contracts staff will be verifying the MPDS forms are in MODIS for all nursing facilities and that each form has been completed within the 5-year period by 12/31/25.”
Auditor’s Remarks
Federal regulations state that providers must be revalidated at least every five years. The Authority’s written policies and procedures state that a signed CPA must be provided by providers as part of the revalidation.
For the two providers enrolled without completion of a full enrollment screening, there was no record of a screening being performed at the time of enrollment in ProviderOne, the system of record. The enrollment checklist is an internal tool utilized by the Authority and does not provide sufficient evidence that screening requirements for providers were met.
We appreciate the steps the Authority and Department have taken to ensure revalidation requirements are met for nursing facilities. However, federal regulations specify that federal payments may not be made to entities that do not provide required disclosures. Federal law 42 CFR Part 455.104 (f) states that federal financial participation is not available in payments made to a disclosing entity that fails to disclose required ownership or control information.
We reaffirm our finding and questioned costs and will follow up on the status of the Authority’s corrective actions during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 U.S. Code of Federal Regulations (CFR) Part 433, State Fiscal Administration, Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments.
Title 42 CFR section 438 subpart H - Additional Program Integrity Safeguards, states in part:
Section 438.602 State responsibilities
b. Screening and enrollment and revalidation of providers.
1. The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PHIPs, and PAHPs, in accordance with the requirement of part 455 subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries.
2. MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees.
c. Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM, or PCCM entity, and any subcontractors as required in § 438.608(c).
d. Federal database checks. Consistent with the requirements at § 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of MCO, PIHP, PAHP, PCCM, or PCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM, or PCCM entity through routine checks of Federal databases.
This includes the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with § 438.610(c).
Title 42 CFR section 455 subpart B – Disclosure of Information by Providers and Fiscal Agents, states in part:
Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control.
a. Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities.
b. When disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures:
1.
i. The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agency, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location and P.O. Box address.
ii. Date of birth and Social Security Number (in the case of an individual).
iii. Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest.
2. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in an subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling.
3. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest.
4. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity).
c. When the disclosures must be provided –
1. Disclosures from providers or disclosing entities. Disclosures from any provider or disclosing entity is due at any of the following times:
i. Upon the provider or disclosing entity submitting the provider application.
ii. Upon the provider or disclosing entity executing the provider agreement.
iii. Upon request of the Medicaid agency during the re-validation of enrollment process under § 455.414.
iv. Within 35 days after any change in ownership of the disclosing entity.
2. Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times:
i. Upon the fiscal agent submitting the proposal in accordance with the State’s procurement process.
ii. Upon the fiscal agent executing the contract with the State.
iii. Upon the renewal or extension of the contract.
iv. Within 35 days after any change in ownership of the fiscal agent.
3. Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times:
i. Upon the managed care entity submitting the proposal in accordance with the State’s procurement process.
ii. Upon the managed care entity executing the contract with the State.
iii. Upon renewal of the contract.
iv. Within 35 days after any change in ownership of the managed care entity.
4. Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section.
d. To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency.
f. Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section.
Title 42 CFR section 455 Subpart E – Provider Screening and Enrollment, states in part:
Section 455.410 Enrollment and screening of providers
a. The State Medicaid agency must require all enrolled providers to be screened under to this subpart.
b. The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers.
c. The State Medicaid may rely on the results of the provider screening performed by any of the following:
1. Medicare contractors
2. Medicaid agencies or Children’s Health Insurance Programs of other States.
Section 455.412 Verification of provider licenses
The State Medicaid agency must –
a. Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State.
b. Confirm that the provider’s license has not expired and that there are no current limitations on the provider’s license.
Section 455.414 Revalidation of enrollment
The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years.
Section 455.436 Federal database checks
The State Medicaid agency must do all of the following
a. Confirm the identity and determine the exclusion status of any providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases.
b. Check the Social Security Administration’s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe.
c.
1. Consult appropriate databases to confirm identity upon enrollment and reenrollment; and
2. Check the LEIE and EPLS no less frequently than monthly.
Section 455.450 Screening levels for Medicaid providers.
A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation or enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable.
a. Screening for providers designated as limited categorical risk. When the State Medicaid agency designated a provider as a limited categorical risk, the State Medicaid agency must do all of the following:
1. Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination.
2. Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with § 455.412.
3. Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with § 455.436.
b. Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a “moderate” categorical risk, a State Medicaid Agency must do both of the following:
1. Perform the “limited” screening requirements described in paragraph (a) of this section.
2. Conduct on-site visits in accordance with § 455.432.
c. Screening for providers designated as high categorical risk. When the State Medicaid agency designated a provider as a “high” categorical risk, a State Medicaid agency must do both of the following:
1. Perform the “limited” and “moderate” screening requirements described in paragraphs (a) and (b) of this section.
2.
i. Conduct a criminal background check; and
ii. Require the submission of a set of fingerprints in accordance with § 455.434.
d. Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the providers, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its –
1. Application denied under § 455.434; or
2. Enrollment reminder under § 455.416
e. Adjustment of risk level. The State agency must adjust the categorical risk level from “limited” or “moderate” to “high” when any of the following occurs:
1. The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State’s Medicaid program within the previous 10 years.
2. The State Medicaid agency of CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted.
Medicaid Provider Enrollment Compendium (MPEC)
2024-076 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-076
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
The Centers for Medicare and Medicaid Services (CMS), which administers the program at the federal level, relies on states to regulate and license hospitals that serve Medicaid clients. Medicaid coverage for hospitals is authorized only when services are provided in a facility that is licensed and certified by the state survey agency (for non-deemed hospitals) or an accrediting organization (for deemed hospitals). The term “deemed” means the facility has voluntarily requested and received permission from CMS to be certified by an accrediting organization, while hospitals that are “non-deemed” have not. The Department of Health is Washington’s state licensing agency, and is also responsible for investigating hospital complaints. The Department’s Office of Investigation and Legal Services (OILS) is the front-line response system for providing the intake and assignment functions for complaints from staff, patients, accrediting organizations and the public. The Department’s Office of Health Systems Oversight is responsible for coordinating and performing investigation surveys.
Deemed hospitals are surveyed for CMS certification by their accrediting organizations. However, the Department performs an investigation survey for complaints that meet the federal prioritization level. People can submit complaints to OILS online or by mail, email or telephone. OILS uses the Integrated Licensing and Regulatory System (ILRS) to input and track complaints. OILS intake staff review report types regardless of delivery method before entering them into ILRS. Intake staff check for possible imminent danger and then deliver the complaint to the Department’s Office of Health Systems Oversight, as well as upload an electronic copy to a secure drive.
The CMS State Operations Manual, which is binding on Medicare-certified and Medicare- Medicaid-certified providers, provides state agencies with procedural guidelines for surveying and managing complaints and incidents.
Hospitals are responsible for following the provider health and safety standards that are mandated by state and federal regulations.
When the Department receives hospital complaints, state regulations require staff to perform an initial assessment of the reports within 21 days. In addition, staff must review the reports for possible imminent danger within two working days of receiving them. If staff identify imminent danger, they must immediately forward the report for processing.
The following two tables outline the federal requirements for response times the Department must follow for deemed hospitals and non-deemed hospitals.
Priority levels and response times for non-deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of prioritization
Non- Immediate Jeopardy Medium Must investigate no later than when the next onsite survey occurs
Non-Immediate Jeopardy Low Must track/trend for potential focus areas during the next onsite survey
Priority levels and response times for deemed hospitals
Priority levels Required response times
Immediate Jeopardy Initiate onsite survey within two business days of receipt of regional office authorization
Non-Immediate Jeopardy High Initiate onsite survey within 45 calendar days of receipt of regional office authorization
Non-Immediate Jeopardy Medium Complainant is referred to the applicable accrediting organization(s)
Non-Immediate Jeopardy Low Complainant is referred to the applicable accrediting organization(s)
The CMS State Operations Manual requires people with certain qualifications to assess each hospital complaint. These people must be professionally qualified to evaluate the nature of the problem based on their knowledge and experience of current clinical standards of practice and federal requirements.
If OILS determined possible imminent danger, the case manager and survey manager review the complaints for immediate jeopardy. If they determine there is possible imminent danger, then an Expedited Case Management Team is designated. If they do not identify immediate jeopardy, they prioritize the complaint at the next weekly case management meeting. Once case managers decide that a complaint at a non-deemed hospital meets the state and federal prioritization level for investigation, they assign it to field staff. For complaints at deemed hospitals that meet the federal prioritization level for investigation, case managers request authorization from the CMS regional office through the Aspen Complaint Tracking System (ACTS) to initiate an investigation.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In the prior audit we reported the Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints. The prior finding number was 2023-076.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure timely review of hospital complaints.
The Department received 1,784 hospital complaints during state fiscal year 2024. We evaluated all of them to ensure the Department performed an initial assessment and review of the complaints for imminent danger within the required timelines. We found the Department did not review 1,624 complaints (91%) for imminent danger within two working days of receiving them. The review time for these complaints ranged between three and 71 days. In addition, the Department did not review 303 complaints (17%) within the 21-day basic assessment period. The review time for these complaints ranged between 22 and 170 days.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
Cause of Condition
The Department did not implement adequate internal controls to ensure staff reviewed the complaints within the required timeframe. Management also acknowledged that the Department was understaffed, which contributed to its failure to comply with the 21-day basic assessment period. In addition, the Department asserted that the ILRS system is not configured to accurately capture the dates of when program staff review complaints for imminent danger.
Effect of Condition
When the Department does not prioritize and perform a prompt initial assessment of complaints, vulnerable patients are at higher risk of abuse, neglect and substandard care. The delays in reviewing these complaints also affect the Department’s ability to initiate timely investigations of issues concerning providers. Further, when the Department does not promptly follow up on a complaint, the state also runs the risk of paying Medicaid funding to a noncompliant facility.
Recommendation
We recommend the Department implement internal controls to ensure it reviews complaints and documents the reviews for imminent danger within two working days of receiving the complaints and within the 21-day basic assessment, as state regulations and the State Operations Manual require.
Department’s Response
We appreciate the State Auditor’s Office audit of the Medicaid Special Tests Health and Safety Standards grant requirement. The Department of Health is committed to ensuring our programs comply with federal regulations and concurs generally with the finding. While the Department continues to assert that it has a process to screen complaints for possible imminent danger, the Department has assessed and instituted system internal controls necessary to demonstrate compliance and properly reflect the accurate date of initial screening for imminent danger within two working days of receiving a complaint, as required by the CMS State Operations Manual, and subsequent 21-day basic assessment and review timeline per internal policies.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Washington Administrative Code 246-14-040 Uniform Procedures For Complaint Resolution, states:
Initial assessment of reports.
1. Initial assessment is the process of determining whether a report warrants an investigation and becomes a complaint. The complainant and credential holder or applicant will be notified as soon as possible after the initial assessment is complete.
2. The basic time period for initial assessment is twenty-one days.
3. All reports will be reviewed for imminent danger within two working days. If imminent danger is identified, the report will be immediately forwarded for processing.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 5 – Complaint Procedures, states in part:
Section 5010 –General Intake Process
A complaint is an allegation of noncompliance with Federal and/or State requirements. If the SA determines that the allegation(s) falls within the authority of the SA, the SA determines the severity and urgency of the allegations, so that appropriate and timely action can be pursued. Each SA is expected to have written policies and procedures to ensure that the appropriate response is taken for all allegations and is consistent with Federal requirements as well as with procedures in the Sate Operations Manual. This structure needs to include response timelines and a process to document actions taken by the SA in response to allegations. If a state’s time frames for the investigation of a complaint/incident are more stringent than the Federal time frames, the intake is prioritized using the State’s timeframes. The SA is expected to be able to share the logic and rationale that was utilized in prioritizing the complaint/incident for investigation. The SA response must be designed to protect the health and safety of all residents, patients, and clients.
Section 5070 –Priority Assignment for Nursing Homes, Deemed and Non-Deemed Non- Long Term Care Providers/ Suppliers, and EMTALA
An assessment of each complaint or incident intake must be made by an individual who is professionally qualified to evaluate the nature of the problem based upon his/her knowledge of Federal requirements and his/her knowledge of current clinical standards of practice.
…
For non-long term care providers/suppliers, in situations where a determination is made that immediate jeopardy may be present and ongoing, the SA is required to start the on site investigation within two business days of receipt of the complaint or incident report, or, in the case of a deemed provider or supplier, within two business days of RO authorization for investigation. The same process applies to EMT ALA complaints or a survey related to a report of a hospital or CAH Distinct Part Unit patient death associated with the use of restraint or seclusion. The SA’s investigation must be initiated within two business days of RO authorization for investigation.
…
CMS expects SAs to prioritize complaints at the appropriate level that is warranted. The timeframes in Section 5075 below represent maximum timeframes for investigation; … the SA is not precluded from investigating complaints and facility- reported incidents within a shorter timeframe. In addition, the SA is not precluded from taking other factors into consideration in its triage decision. For example, the SA may identify a trend in allegations that indicates an increased risk of harm to residents or the SA may receive corroborating information from other complainants regarding the allegation….
Section 5075.9 – Maximum Time Frames Related to the Federal Onsite Investigation of Complaints/Incidents
Provider Type Intake Prioritization - Immediate Jeopardy
Non-deemed non-long term care providers/suppliers SA must initiate an onsite survey within 2 business days of receipt.
Deemed providers/suppliers SA must initiate an onsite survey within 2 business days of receipt of RO authorization.
2024-077 The Department of Social and Health Services did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s Medicaid Fraud Control Unit.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Medicaid Fraud Control Unit
Known Questioned Cost Amount: None
Prior Year Audit Finding: No
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
States are required as part of their Medicaid state plans to maintain a Medicaid Fraud Control Unit (MFCU). The primary mission of the MFCU is to investigate and prosecute fraud by Medicaid providers, to review and investigate complaints alleging abuse or neglect of patients in Medicaid-funded healthcare facilities, and to review and investigate complaints of patient abuse or neglect in board and care facilities or involving Medicaid beneficiaries in noninstitutional and other settings.
States must have methods and criteria for identifying suspected fraud cases, methods for investigating these cases, and procedures, developed in cooperation with legal authorities, for referring credible allegations of fraud cases to law enforcement officials. Credible allegations of provider fraud must be referred to the state MFCU, a division within the Office of the Attorney General. States must have an agreement with the MFCU, which includes methods of coordination and procedures for referring potential fraud.
Case managers and field staff at the Department of Social and Health Services, as well as their contractor, Consumer Direct Care Network Washington (CDWA) who manages Individual Providers delivering direct care to clients, help identify potential and suspected provider fraud for the Department to consider. The program integrity units within the Aging and Long-Term Support Administration (ALTSA) and Developmental Disabilities Administration (DDA) at the Department receive allegations of potential fraud and conduct further research to determine if the potential fraud is credible. If it is credible, and the fraud is a potential loss of more than $1,000, the Department refers the case to MFCU. Fraud allegations under $1,000 are reviewed and tracked to ensure any repeat allegations can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to offer provider education and billing standards training and once completed, the training is documented and then used to support any future allegations.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The Department did not have adequate internal controls over and did not comply with requirements to ensure it referred all credible allegations of provider fraud to the state’s MFCU.
To determine if the Department properly reviewed and investigated all allegations of fraud and referred those which were credible to MFCU, we reviewed allegations that program integrity units at ALTSA and DDA received.
For allegations of fraud ALTSA reviewed, we used a statistical sampling method to randomly select and examine 56 out of a total population of 490 allegations. We determined ALTSA did not properly refer 13 (23 %) credible allegations of fraud to MFCU.
For allegations of fraud DDA reviewed, we used a nonstatistical sampling method to randomly select and examine 13 out of a total population of 79 allegations. We determined DDA did not properly refer two (15 %) credible allegations of fraud to MFCU.
We determined the Department’s internal controls were ineffectively designed to prevent noncompliance with MFCU requirements. Specifically, the Department’s decision to only refer cases of fraud with a potential loss of more than $1,000 is not in compliance with federal law, which requires the Department to refer all credible allegations to MFCU regardless of the amount of potential loss.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Department management said they were under the impression that MFCU did not want the Department to refer credible allegations of fraud with a potential loss of less than $10,000 to them for investigation. However, the Department determined that it would refer credible allegations with a potential loss of $1,000 or more.
Effect of Condition
Because the Department uses a monetary threshold, it does not refer most credible allegations of fraud with a potential loss of less than $1,000 to MFCU, as required. This prevents MFCU from considering some credible allegations of fraud for investigation; the State is therefore at risk of not recovering Medicaid funds that may have been fraudulently paid to providers.
Recommendation
We recommend the Department create and implement internal controls, policies and procedures that allow it to refer all credible allegations of fraud to MFCU.
Department’s Response
The Department concurs with the finding.
The Department was under the impression that MFCU did not want referrals of credible allegations of fraud with a potential loss of less than $10,000 sent to them for investigation. However, management determined the Department would refer allegations of fraud with a potential loss of $1,000 or more.
The 15 cases (13 for ALTSA and two for DDA) that were not referred to MFCU were each under $1,000 of potential loss. Provider education was completed by CDWA, and the funds were returned to Medicaid. Fraud referrals under $1,000 are all reviewed and tracked to ensure any repeat referrals can be compiled to show a pattern of possible fraudulent behaviors. The Department and CDWA work together to determine if provider education is appropriate. After CDWA completes the provider education and billing standards, training is documented and then used to support any future referrals.
The Department met with CDWA to discuss a revised process that will ensure compliance with MFCU requirements. In addition, DSHS Medicaid Provider Fraud Referral form 12-210 will be modified to include CDWA as an entity.
The Department and CDWA will revise and finalize existing procedures related to the submission of fraud referrals and referrals of all credible allegations regardless of the amount of potential loss. Approval will be requested for the creation of a ticketing system for CDWA to submit provider fraud referrals directly into SharePoint to streamline the process to reduce workload and ensure compliance with MFCU Requirements.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 42 CFR Part 455, section 21, Cooperation with State Medicaid fraud control units, states in part:
a. The agency must
1. Refer all cases of suspected provider fraud to the unit;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-078 The Department of Social and Health Services, Aging and Long-Term Support Administration, did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-078
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had three ICF/IID facilities that were Medicaid certified.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID) survey agency. An ICF/IID is an institution with the primary purpose of providing health or rehabilitation services to people with intellectual disabilities or related conditions who receive care and services under Medicaid.
The Department must perform a federal certification survey of each ICF/IID. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services, as well as the outcome of the facility’s implementation of ICF/IID active treatment services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each ICF/IID facility within 15.9 months after the previous survey, and the statewide average for all ICF/IID facilities must not exceed 12.9 months for all ICF/IID facilities, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification. In addition to federal requirements, the Department has established its own policies and procedures requiring that it review a submitted POC within five working days after receiving it.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-078, 2020-053, 2019-061, 2018–052, 2017-042, 2016-037, 2015-045, and 2014-046.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid intermediate care facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9 month survey frequency, and the statewide average of 12.9 months between surveys for each facility. The Department uses a separate tracking spreadsheet to track individual surveys for SOD and POC due dates and approaching deadlines.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for all three of the ICF/IIDs within the required 15.9 months and 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for the three surveys was 22.1 months.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
As a result of the public health emergency, the Department had an extensive backlog of complaints and recertification surveys. While trying to address the backlog there were new complaints that also had to be prioritized. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
Management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and within the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through our applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. Although there are only three facilities, there is only one team that handles the surveys, complaints and revisits for this provider type across the entire state.
The 12.9 month average is based on the overall average of the months for all ICF-IID surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is an improvement from the 22.1 months in FY23 and FY24.
Regional Administrators have met with their ICF/IID teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 442, Standards for Payment to Nursing Facilities and Intermediate Care Facilities for Individuals with Intellectual Disabilities, states in part:
Section 442.109 – Certification period for ICF/IIDs: General Provisions
(a) A survey agency may certify a facility that fully meets applicable requirements. The State Survey Agency must conduct a survey of each ICF/IID not later than 15 months after the last day of the previous survey.
(b) The statewide average interval between surveys must be 12 months or less, computed in accordance with paragraph (c) of this section.
Title 42 CFR, Part 488, Survey, Certification, and Enforcement Procedures, states in part:
Section 488.28 – Providers or suppliers, other than Skilled Nursing Facilities (SNFs), Nursing Facilities (NFs), and Home Health Agencies (HHAs) with deficiencies
(a)If a provider or supplier is found to be deficient in one or more of the standards in the conditions of participation, conditions for coverage, or conditions for certification or requirements, it may participate in, or be covered under, the Medicare program only if the provider or supplier has submitted an acceptable plan of correction for achieving compliance within a reasonable period of time acceptable to CMS. In the case of an immediate jeopardy situation, CMS may require a shorter time period for achieving compliance.
(b)The existing deficiencies noted either individually or in combination neither jeopardize the health and safety of patients or are of such character as to seriously limit the provider's capacity to render adequate care.
(c)
(1) If it is determined during a survey that a provider or supplier is not in compliance with one or more of the standards, it is granted a reasonable time to achieve compliance.
(2)The amount of time depends upon the -
(i)Nature of the deficiency; and
(ii)State survey agency's judgment as to the capabilities of the facility to provide adequate and safe care.
(d)Ordinarily a provider or supplier is expected to take the steps needed to achieve compliance within 60 days of being notified of the deficiencies but the State survey agency may recommend that additional time be granted by the Secretary in individual situations, if in its judgment, it is not reasonable to expect compliance within 60 days, for example, a facility must obtain the approval of its governing body, or engage in competitive bidding.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The Certification Process, states in part:
2138G – Schedule for Recertification
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see §2141).
2141 – Recertification – ICFs/IID
(Rev. 91, Issued: 09-27-13, Effective: 09-27-13, Implementation: 09-27-13)
• The regulation at §442.15 provides that provider agreements for ICF/IID’s would remain in effect as long as the facility remains in compliance with the Conditions of Participation (COP’s). Regulations at §442.109 through §442.111.
• Beginning on May 16, 2012, ICF/IID’s are no longer subject to time-limited agreements. However, they are to be surveyed for re-certification an average of every 12 months and at least once every 15 months.
• If during a survey the survey agency finds a facility does not meet the standards for participation the facility may remain certified if the survey agency makes two determinations – The facility may maintain its certification if the survey agency finds Immediate Jeopardy doesn’t exist, and if the facility provides an acceptable plan of correction.
• An ICF/IID may be decertified under procedures outlined in Section 3012 of the State Operations Manual. More specifically, a facility may be decertified if an immediate jeopardy finding remains unabated after 23 days or if it fails to regain compliance with conditions of participation after 90 days.
ICF/IID’s will be subject to survey an average of every 12 months and at least every 15 months, the same period that is applied to Nursing Homes.
The Department of Social and Health Services, Residential Care Services Standard Operating Procedure: Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID), Chapter 16C2 – ICF/IID Plan of Correction (PoC) states in part:
Overview
Following the survey process and upon receipt of the SOD, the facility must develop a Plan of Correction (PoC) to address all stated deficiencies outlined in the SOD within 10 calendar days of receipt of the SOD. Regulations allow certification of ICF/IID facilities with deficiencies at the standard level “only if the facility has submitted an acceptable PoC for achieving compliance within a reasonable period of time acceptable to the Secretary.” Failure to submit a PoC could result in termination of the facility agreement.
Decisions on acceptance of the PoC by the survey team must occur within 5 working days of receipt by RCS.
The facility has no longer than 60 calendar days to implement the PoC and correct the deficiency. The correction date for a specific deficiency may be less depending on the circumstances of the deficiency.
Procedure
Surveyor/Complaint Investigator will:
1.Review the PoC within 5 working days of receipt of the PoC.
2. An acceptable PoC must contain the following elements:
• The plan for correcting the specific deficiency cited. The plan should address the internal facility processes that lead to the deficiency being cited;
• The procedures for implementing the PoC for the specific deficiency cited;
• The monitoring procedure to ensure that the PoC is effective and that specific deficiency cited remains corrected and in compliance with the regulatory requirements;
• The title of the person responsible for implementing the PoC.
3. PoCs must be specific and realistic, stating exactly how the correction to the deficiency occurred. The administrator, or other authorized official, must sign and date the PoC. Additional documentation attached to CMS Form 2567 is acceptable. All deficiencies corrected since the survey must have the corrected date on the form.
4. Do not routinely accept dates for correction at 60 calendar days. If a corrected deficiency is possible well before 60 calendar days, then the correction date should reflect that.
5. Discuss the decision with the Field Manager. Determine possible revisits as needed.
6. If the PoC is acceptable (depending on a paper review and/or onsite revisit if needed), complete the CMS Form 2567B in ASPEN.
7.If the PoC is not acceptable, see Chapter 16C3: Unacceptable PoC for procedures.
8. Report the decision to the Administrative Assistant 3 (AA3) for documentation.
2024-079 The Department of Social and Health Services, Aging and Long-Term Support Administration did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing homes.
Assistance Listing Number and Title: 93.775 - State Medicaid Fraud Control Units
93.777 - State Survey and Certification of Health Care Providers and Suppliers (Title XVIII) Medicare
93.777 COVID-19 – State Survey and Certification of Health Care Providers and Suppliers
93.778 - Medical Assistance Program (Medicaid; Title XIX)
93.778 COVID-19 – Medical Assistance Program (Medicaid; Title XIX)
Federal Grantor Name: U.S Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions – Provider Health and Safety Standards
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-079
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the state’s federal expenditures. During fiscal year 2024, the program spent over $20.6 billion in federal and state funds and had 194 Medicaid certified nursing homes.
Residential Care Services (RCS), under the Department of Social and Health Services, Aging and Long-Term Support Administration, is the State’s nursing home survey agency. A nursing home facility is an institution with the primary purpose of providing 24-hour supervised nursing care, personal care, therapy, nutrition management, organized activities, social services, room, board and laundry to people who receive care and services under Medicaid.
The Department must perform a federal certification or recertification survey of each nursing home. The certification survey is a resident-centered inspection that gathers information about the quality of service provided in a facility to determine compliance with the participation requirements. The survey focuses on the facility’s administration and patient services. The survey also assesses compliance with federal health, safety and quality standards designed to ensure patients receive safe and quality care services.
The State must complete a standard survey for each nursing home facility within 15.9 months after the previous survey, and the statewide average for all nursing homes must not exceed 12.9 months for all nursing homes, as required by Centers for Medicare and Medicaid Services (CMS). All staff surveyors are required to receive specific RCS training in order to be qualified to conduct surveys. If a survey uncovers deficiencies, the Department must mail a Statement of Deficiency (SOD) to the facility within 10 working days of the survey date. The facility must submit a Plan of Correction (POC) that the Department determines is acceptable within 10 calendar days of receipt of the SOD. The Department’s procedures require a review of the POC within 5 working days of receipt to verify that it is acceptable. The facility has a total of 60 days to be back in compliance or risk forfeiting its Medicaid certification.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits we reported the Department did not have adequate internal controls to ensure it conducted timely surveys and followed up on deficiencies. The prior finding numbers were 2023-079 and 2020-054.
Description of Condition
The Department did not have adequate internal controls over and did not comply with survey requirements for Medicaid nursing home facilities.
The Department uses a tracking spreadsheet as an internal control to monitor and track the survey frequencies as well as the statewide average frequency to ensure it meets the mandated 15.9-month survey frequency, and the statewide average of 12.9 months between surveys for each facility.
We found the Department did not ensure that all recertification surveys were completed promptly. The Department did not adequately monitor the tracking sheet and complete surveys for 19 nursing homes in fiscal year 2024 within the required 15.9 months and did not meet the 12.9 month statewide average. While assessing the Department’s compliance with these requirements, we considered the time period where survey activities were suspended due to the COVID-19 pandemic and did not include that period of suspended activities in our calculation between survey dates. The statewide average is calculated on the federal fiscal year. For federal fiscal year 2024, the statewide average for nursing home surveys was 18.6 months.
Additionally, we noted that three out of 20 surveys reviewed during the fiscal year contained POCs that were reviewed after the five-day period required by the Department.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The public health emergency created a backlog of recertification surveys that needed to be completed and the Department had a shortage of trained employees able to perform surveys which extended the survey timelines.
In addition, management did not monitor its survey schedules adequately to ensure compliance in meeting the survey timeline.
Effect of Condition
Without conducting recertification surveys timely, the State is at risk of paying facilities for services provided to Medicaid clients without assurance the facilities are complying with federal and state health standards and regulations. Clients residing in facilities that do not meet federal health and safety requirements for participating in the Medicaid program could be at increased risk of abuse, mistreatment, neglect or substandard care.
By not meeting the statewide average requirement for recertification surveys, the Department has not met federal Medicaid requirements and could be subject to sanctions by the grantor.
Recommendation
We recommend the Department:
• Establish adequate internal controls to ensure compliance with facility survey timeliness requirements
• Ensure it completes recertification surveys within 15.9 months and meets the 12.9 month statewide average
Department’s Response
The Department partially concurs with the finding.
We do not concur there is a lack of internal controls. It was through applied internal controls we identified concerns and allocated resources to meet the most serious concerns. The Field Manager meets with the Administrative Assistant and reviews the 365-day average report to determine if survey schedules need to be modified in order to meet the federal requirement on a quarterly basis (12.9 and 15.9 month timeline).
In FY 2023 and FY 2024, the team was trying address the backlog but had to prioritize new complaints. However, as the audit noted, there is only one team that handles surveys, complaints, and revisits for the entire state.
The 12.9 month average is based on the overall average of the months for all nursing home surveys, and some of those surveys were in a significant backlog due to the pandemic. The Department continues to show progress in shortening the recertification survey intervals. For the reporting period of June 2024 through September 2025, the federal Certification and Survey Provider Enhanced Reporting tool (CASPER) has indicated that the Department’s survey average intervals are currently at 13.3 months, which is significant improvement from the 19.8 months in FY23 and FY24.
Regional Administrators have met with their Nursing Home teams to look ahead at survey scheduling for the year to ensure teams will be able to meet targeted survey completion dates and meet the 15.9 and 12.9 timeframes by December 2025.
Auditor’s Remarks
We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HHS Awards, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR, Part 488 Subpart E, Survey and Certification of Long-Term Care Facilities, states in part:
Section 488.308 Survey frequency.
(a) Basic period. The survey agency must conduct a standard survey of each SNF and NF not later than 15 months after the last day of the previous standard survey.
(b) Statewide average interval.
(1) The statewide average interval between standard surveys must be 12 months or less, computed in accordance with paragraph (d) of this section.
(2) CMS takes corrective action in accordance with the nature of the State survey agency's failure to ensure that the 12-month statewide average interval requirement is met. CMS's corrective action is in accordance with § 488.320.
(d) Computation of statewide average interval. The statewide average interval is computed at the end of each Federal fiscal year by comparing the last day of the most recent standard survey for each participating facility to the last day of each facility's previous standard survey.
The Centers for Medicare and Medicaid Services, State Operations Manual, Chapter 2 – The
Certification Process, states in part:
2138G – Schedule for Recertification
The SA completes a recertification survey an average of every 12 months and at least once every 15 months (see Section 2141)
2728 – Statement of Deficiencies and Plan of Correction, Form-2567
The SA mails the provider/supplier a copy of form CMS-2567 within 10 working days after the survey. If there are deficiencies, the SA allows the provider/supplier 10 calendar days to complete and return the PoC. Requirements pertaining to submittal of the PoC can be found in subsection B.
The Department of Social and Health Services, Residential Care Services Division Standard
Operating Procedure: Enforcement Chapter 7B3, states in part:
Background
The Department will review the ePOC within 5 working days of receipt and will verify that it is acceptable. The NH may specify in the ePOC that they are not in agreement with the findings within the SOD report but this does not alter the NH’s responsibility to submit an acceptable ePOC.
Off-site POC Review
The Surveyor will:
1. Review the ePOC within five (5) working days of receipt and confirm that
the POC for each deficiency includes:
a. How the NH will correct the deficiency for each numbered resident;
b. How the NH will protect residents from similar situations;
c. Measures the NH will take or the systems it will change to ensure that
the problem does not recur;
d. How the NH plans to monitor its ongoing performance to sustain
compliance;
e. Dates corrective action will be completed; and
f. Title of person responsible for correction
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-080 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of Health Care Providers and Suppliers
93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance Program
Federal Grantor Name: U.S. Department of Health and Human Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Inpatient Hospital and Long-Term Care Facility Audits
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-081
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the Medicaid program spent more than $20.6 billion in federal and state funds, including more than $380 million to hospitals for inpatient services.
The Health Care Authority, the state Medicaid agency, pays for inpatient services to hospitals by using rates that are economic, efficient and in accordance with the state plan. Federal law requires the Authority to periodically audit the financial and statistical records of participating providers, as established in the state plan.
The Medicaid State Plan, Attachment 4.19, lists the financial audit requirements for establishing payment rates for inpatient hospital services. Before January 1, 2024, the plan said that cost report data used for rate setting may be periodically audited, and hospital billings and other financial and statistical records will be periodically audited. Beginning January 1, 2024, the plan was amended and now says that the financial and statistical records of participating providers will be periodically reviewed and audited by the Authority as necessary. Washington Administrative Code also says that the Authority will periodically audit cost report data used for rate setting, hospital billings, and other financial and statistical records.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services. The prior finding numbers were 2023-081, 2022-060, 2021-051 and 2020-049.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it periodically audited cost report data for rate setting, hospital billings, and other financial and statistical records for inpatient hospital services.
During the audit period, the Authority relied on internal audit reviews of provider claims to satisfy this requirement. These reviews of claims focused on identifying overpayments using hospital records. However, the Authority did not periodically audit cost report data used for rate setting, hospital billings, or other financial and statistical records, which federal law, state regulations and the state plan require.
Additionally, federal law requires the state plan to establish specific audit requirements for the financial and statistical records of participating providers. The Authority does not have documented methodology, policies or procedures that describe when and how the audits will be performed.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority did not establish policies and procedures to ensure it periodically audited cost report data, hospital billings, and other financial and statistical records for inpatient hospital services. The Authority has received findings and recommendations over this requirement for several years, including the fiscal year 2023 single audit. The Centers for Medicare and Medicaid Services has reviewed and concurred with the finding results, but the Authority has not implemented sufficient corrective actions to address the issues identified in the prior audit.
Effect of Condition
By not ensuring that it periodically audits cost report data, hospital billings, and other financial and statistical records, the Authority increases its risk of improperly paying for inpatient hospital services.
Recommendation
We recommend the Authority establish and implement adequate internal controls, including policies and procedures, to ensure it meets federal inpatient hospital audit requirements.
Authority’s Response
The Authority does not concur with the finding.
The auditor states the Authority “has not implemented sufficient corrective action to address the issues identified in the prior audit.” The Authority disagrees. It worked with CMS to revise the State Plan twice, updated Washington Administrative Code (WAC) to align with CFR and the State Plan, and updated procedures for both the Hospital Rates and Program Integrity sections. In addition, the Authority has reached out to CMS for technical assistance on two occasions. Following these actions, CMS closed the prior year finding.
The auditor states the Authority “did not establish policies and procedures to ensure it periodically audited cost report data.” The CFR related to this compliance area does not require the Authority to periodically audit cost report data although the Authority has procedures in place to conduct cost report audits if it believes information contained in a cost report is not consistent with reporting requirements.
The auditor states “The Authority does not have documented methodology, policies or procedures that describe when and how the [financial and statistical record] audits will be performed.” The Authority disagrees. The Authority completes a risk assessment to develop its annual audit plan for the financial and statistical records of inpatient hospitals and conducts the audits according to documented policies and procedures. These audits help ensure the data integrity of claims and financial transactions, which impacts the entity’s records used in rate setting. The Authority received guidance from CMS that CMS defers to the states on how these audits are defined.
In addition, the Authority contracts with a public accounting firm to conduct audits of its contracted Disproportionate Share Hospitals (DSH). Those audits include the financial and statistical records of DSH hospitals.
The Authority has taken corrective action on the prior audit findings, consulted with CMS for direction on the requirement for this compliance area, provided for the filing of cost reports, and audited, or contracted for the audit of, the financial and statistical records of inpatient hospitals during the fiscal year.
Auditor’s Remarks
The Medicaid compliance supplement states that specific audit requirements will be established by the state plan. In our judgment, the amendments the Authority made to the state plan do not address this requirement. The amendments state the Authority may choose not to perform required audits of financial and statistical records if it deems them not necessary. Additionally, CMS concurred with the prior year finding 2023-081 in its management decision.
The CFR related to this compliance area does not require an audit of the cost reports, however it does require an audit of the financial and statistical records that the cost reports depend on. After examining the claim reviews performed by the Authority, we have reaffirmed our understanding that they are not audits. These reviews rely on computer queries to identify payment discrepancies. These tests do not ensure that all inpatient hospitals are reviewed and do not ensure that the financial records used in setting inpatient hospital rates are audited. The Authority also does not track inpatient hospitals to ensure that financial and statistical records are reviewed at every one of them.
The external DSH audit the Authority completes utilizes self-reported data on the cost reports to calculate uncompensated care costs. This audit does not include most inpatient hospitals in its population. Additionally, self-reported data can not be used to audit the financial and statistical records of the facilities that submitted the reports.
After reviewing the updated policies and procedures provided by the Authority, and reviewing the actions taken, we found that the claims review process has not changed from the processes reviewed during the 2023 single audit. The Authority has not implemented sufficient corrective actions to ensure the financial and statistical records of inpatient hospitals are audited.
We reaffirm our finding and will review the status of the Department’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Part 447, Payments for Services, section 447.253, Other requirements, states in part:
(a) State assurances. In order to receive CMS approval of a State plan change in payment methods and standards, the Medicaid agency must make assurances satisfactory to CMS that the requirements set forth in paragraphs (b) through (i) of this section are being met, must submit the related information required by § 447.255 of this subpart, and must comply with all other requirements of this subpart.
f. Uniform cost reporting. The Medicaid agency must provide for the filling of uniform cost reports by each participating provider.
g. Audit requirements. The Medicaid agency must provide for periodic audits of the financial and statistical records of participating providers.
i. Rates paid. The Medicaid agency must pay for inpatient hospital and long-term care services using rates determined in accordance with methods and standards specified in an approved State plan.
Medicaid State Plan, Attachment 4.19-A Part I Methods and Standards for Establishing Payment Rates for Inpatient Hospital Services, page 60 states in part:
3. Financial Audit Requirements
Cost report data used for rate setting may be periodically audited.
Hospital billings and other financial and statistical records will be periodically audited by the agency.
Washington Administrative Code (WAC) 182-550 – Hospital services specifies requirements for the Authority regarding hospitals providing Medicaid services.
WAC 182-550-5410 – CPE Medicaid cost report and settlements, states in part:
4. The Medicaid cost report schedules and supporting documentation are subject to audit by the agency or its designee to verify that claimed costs qualify under federal and state rules governing the CPE payment program. The documentation required includes, but is not limited to:
a. The revenue codes assigned to specific cost centers on the Medicaid cost report schedules.
b. The inpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
c. The outpatient charges by revenue codes for uninsured patients and Medicaid clients enrolled in an MCO plan.
d. All payments received for the inpatient and outpatient charges in (b) and (c) of this subsection including, but not limited to, payments for third party liability, uninsured patients, and Medicaid clients enrolled in an MCO plan.
WAC 182-550-5700 Hospital reports and audits, states in part:
(4) The agency will periodically audit the financial and statistical records of participating providers as needed.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-081 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Assistance Listing Number and Title: 93.775 State Medicaid Fraud Control Units
93.777 State Survey and Certification of
Health Care Providers and Suppliers
93.777 COVID-19 State Survey and
Certification of Health Care Providers and
Suppliers
93.778 Medical Assistance Program
93.778 COVID-19 Medical Assistance
Program
Federal Grantor Name: U.S. Department of Health and Human
Services
Federal Award/Contract Number: 2305WA5MAP; 2305WA5ADM; 2305WAIMPL; 2405WA5MAP; 2405WA5ADM
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Utilization
Control
Known Questioned Cost Amount: None
Prior Year Audit Finding: Yes, Finding 2023-082
Background
Medicaid is a jointly funded state and federal partnership providing coverage for about 2.5 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington’s largest public assistance program and usually accounts for about one-third of the State’s federal expenditures. During fiscal year 2024, the program spent more than $20.6 billion in federal and state funds.
Under federal regulations, Medicaid state plans must include methods and procedures to safeguard against unnecessary utilization of care and services. The regulations require states to implement a statewide surveillance and utilization control program that:
• Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
• Assesses the quality of those services;
• Provides for the control of the utilization of all services provided under the plan; and
• Provides for the control of the utilization of inpatient services
Multiple state agencies in Washington manage aspects of the Medicaid program. The agencies include the Health Care Authority, Department of Social and Health Services, Department of Health, Office of the Attorney General, and Department of Children, Youth, and Families. The Centers for Medicare and Medicaid Services (CMS) considers the Authority to be Washington’s official Medicaid agency. Federal regulations require the Medicaid agency to:
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Federal regulations also require the Medicaid agency to have procedures for the ongoing evaluation, on a sample basis, of the need for, quality, and timeliness of Medicaid services. These reviews must occur on a post-payment basis so that the state can review beneficiary utilization and provider service profiles, as well as identify exceptions so that the Authority can correct misutilization practices of beneficiaries and providers.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
In prior audits, we reported the Authority did not have adequate control over and did not comply with utilization requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program. The prior finding numbers were 2023-082, 2022-061, 2021-050, 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047. We determined the Authority to have resolved finding numbers 2020-047, 2020-048, 2019-052, 2019-053, and 2018-047.
Description of Condition
The Authority did not have adequate internal controls over and did not comply with requirements to ensure it performed procedures to safeguard against unnecessary utilization of care and services for the Medicaid program.
Washington’s Medicaid state plan asserted it met utilization and quality control requirements directly, but its policies and procedures did not fully address these requirements.
We found that the Authority performs various types of program integrity and control utilization
reviews, but in our judgment, these efforts did not meet requirements of evaluating the appropriateness and quality of Medicaid services on a post-payment basis.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
Cause of Condition
The Authority has a Program Integrity unit that is responsible for safeguarding against unnecessary utilization of care and services for the Medicaid program. However, the Program Integrity unit does not have sufficient policies and procedures to adequately ensure the Authority has met all the compliance requirements for which it is responsible. These requirements include implementing and monitoring the statewide utilization control program, which includes overseeing and monitoring the activities of other state agencies. Additionally, the Program Integrity unit’s scope of reviews does not include post-payment review, on a sample basis, of the need for, quality, and timeliness of Medicaid services.
Furthermore, the federal grantor sustained the prior audit finding for utilization control through issuance of a management decision letter to the Authority. Despite this, the Authority has not implemented adequate internal controls to ensure compliance with all requirements.
Effect of Condition
By not establishing adequate methods and procedures to safeguard against unnecessary utilization of care and services, there is an increased risk of unnecessary or inappropriate use of Medicaid services and payments.
Furthermore, the Authority did not meet federal program integrity requirements, and it could be
subject to federal sanctions because it has not established a statewide surveillance and utilization
program and does not meet the utilization and quality control requirements directly as asserted in the Medicaid state plan.
Recommendation
We recommend the Authority:
• Implement policies and procedures to sufficiently include all the methods and procedures necessary to safeguard against unnecessary utilization of care and services
• Implement and monitor a statewide surveillance and utilization control program
• Implement adequate internal controls to ensure it complies with utilization control requirements
Authority’s Response
The Authority concurs with the finding and continues to develop and implement its statewide surveillance and utilization control program. The Authority will continue to develop its policies and procedures and document its internal controls.
Auditor’s Remarks
We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority’s corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes
the requirements for auditees to maintain internal controls over federal programs and comply with
federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart A, General Provisions states in part:
Section 456.1 Basis and purpose of part.
(a) This part prescribes requirements concerning control of the utilization of Medicaid services including –
(1) A statewide program of control of the utilization of all Medicaid services; …
(b) The requirements in this part are based on the following sections of the Act. Table 1 shows the relationship between these sections of the Act and the requirements in this part.
(1) Methods and procedures to safeguard against unnecessary utilization of care and services. Section 1902(a)(30) requires that the State plan provide methods and procedures to safeguard against unnecessary utilization of care and services. …
Section 456.2 State plan requirements.
(a) A State plan must provide that the requirements of this part are met.
(b) These requirements may be met by the agency by:
(1) Assuming direct responsibility for assuring that the requirements of this part are met; or
(2) Deeming of medical and utilization review requirements if the agency contracts with a QIO to perform that review, which in the case of inpatient acute care review will also serve as the initial determination for QIO medical necessity and appropriateness review for patients who are dually entitled to benefits under Medicare and Medicaid. …
Section 456.3 Statewide surveillance and utilization control program.
The Medicaid agency must implement a statewide surveillance and utilization control program that –
(a) Safeguards against unnecessary or inappropriate use of Medicaid services and against excess payments;
(b) Assesses the quality of those services;
(c) Provides for the control of the utilization of all services provided under the plan in accordance with subpart B of this part; and
(d) Provides for the control of the utilization of inpatient services in accordance with subparts C through I of this part.
Section 456.4 Responsibility for monitoring the utilization control program.
(a) The agency must –
(1) Monitor the statewide utilization control program;
(2) Take all necessary corrective action to ensure the effectiveness of the program;
(3) Establish methods and procedures to implement this section;
(4) Keep copies of these methods and procedures on file; and
(5) Give copies of these methods and procedures to all staff involved in carrying out the utilization control program.
Section 456.5 Evaluation criteria.
The agency must establish and use written criteria for evaluating the appropriateness and quality of Medicaid services. This section does not apply to services in hospitals and mental hospitals. For these facilities, see the following sections: §§ 456.122 and 456.132 of subpart C; and § 456.232 of subpart D.
Title 42 CFR Subchapter C Medical Assistance Programs Part 456, Utilization Control, Subpart B, Utilization Control: All Medicaid Services states in part:
Section 456.21 Scope.
This subpart prescribes utilization control requirements applicable to all services provided under a State plan.
Section 456.22 Sample basis evaluation of services.
To promote the most effective and appropriate use of available services and facilities the Medicaid agency must have procedures for the on-going evaluation, on a sample basis, of the need for and the quality and timeliness of Medicaid services.
Section 456.23 Post-payment review process.
The agency must have a post-payment review process that –
(a) Allows State personnel to develop and review –
(1) Beneficiary utilization profiles;
(2) Provider service profiles; and
(3) Exceptions criteria; and
(b) Identifies exceptions so that the agency can correct misutilization practices of beneficiaries and providers.
Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-061 Edmonds College did not have adequate controls over reporting for its Head Start Program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03; 10CH012034-03-01
10CH012034-03-02;10CH012034-03-03
10CH012034-03-00
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Reporting
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers. In fiscal year 2024, the College spent $7,241,517 in Head Start funds.
The College is required to submit a SF-425 federal financial report to the federal grantor every six months for an open grant award and also at the closing of a grant award. This report includes information like the federal grant number, the recipient organization, grant period, reporting period end date, basis of accounting, a summary of revenue and expenditures and recipient share of expenditures related to the grant during the award period.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate controls over reporting for its Head Start Program.
During the fiscal year, the College submitted six SF-425 reports. The Executive Director for the College’s Head Start program compiled and submitted the SF-425 reports without additional review by other College staff.
We used a nonstatistical sampling method to randomly select and examine four out of a total population of six reports. We found that for two of the reports, the recipient share was underreported by $1,981 (less than 1% of the recipient share of expenditures) and $28,187 (3% of the recipient share of expenditures).
We consider this internal control deficiency to be a significant deficiency.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The Executive Director for the program believed that a secondary review of the report was unnecessary. Additionally, the College did not retain the documentation to support the recipient share of expenditures reported at the time of the report submission. This amount is comprised of data received from each childcare site and some data was not received timely, causing the amounts to not match the reported amount on the SF-425 report.
Effect of Condition
Without adequate internal controls, the College risks not submitting accurate and complete SF-425 reports. Inaccurate reports could affect future funding from the federal grantor.
Recommendations
We recommend the College:
• Establish internal controls over the preparation and submission of the SF-425 report to ensure compliance
• Retain documentation it used at the time to complete the SF-425 report
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) and acknowledges the finding of inadequate controls over the Head Start Program’s Federal Financial Reporting (FFR) submissions, and commits to documenting and strengthening internal controls and the retaining of the back-up documentation for submitted SF-425 reports.
Prior to the government’s requirement for 2FA and biometric authentications in order to access Payment Management Services (PMS) SF-425 reports were compiled and submitted by college business office personnel who did not pursue these additional authentications and subsequently lost access to PMS. In the absence of college business office personnel to compile and submit these reports and in an effort to submit timely reports, the Executive Director sought and acquired access to PMS and compiled and submitted the reporting in the same manner as had previously been done.
While the College acknowledges that a final review was not completed prior to the electronic certification and submission of these reports, there were a series of reviews of the data provided to, and used by, the Executive Director in populating the SF-425 reporting.
Due to the constraints of the database that is used to report the non-federal share, the reports used are dynamic and cumulative and the College did not have a process in place to maintain a point in time copy. This led to a mismatch between what the College could provide at the time of the audit and what was reported in the SF-425. The College acknowledges the need to retain the point in time reports that support what is reported in the SF-425 and commits to doing so moving forward.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 75, section 341, Financial reporting, states:
Unless otherwise approved by OMB, the HHS awarding agency may solicit only the standard, OMB-approved government-wide data elements for collection of financial information (at time of publication the Federal Financial Report or such future collections as may be approved by OMB and listed on the OMB Web site). This information must be collected with the frequency required by the terms and conditions of the Federal award, but no less frequently than annually nor more frequently than quarterly except in unusual circumstances, for example where more frequent reporting is necessary for the effective monitoring of the Federal award or could significantly affect program outcomes, and preferably in coordination with performance reporting.
Federal Reporting of Standard Forms 425 and 428, ACF-PI-OHS-24-01, states in part:
Submission of Federal Financial Report SF-425
All Head Start recipients are required to submit financial reports detailing the expenditures incurred for their awards. Filing requirements for most recipients are satisfied using the Federal Financial Report SF-425. Recipients currently submit three SF-425 reports for a 12-month budget period.
Generally, awards are for a 12-month budget period. Semi-annual and annual reports are cumulative, covering either 6 or 12 months of expenditures, respectively.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-062 Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Protection of Federal Interest in Real Property and Facilities
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
To protect federal interest in real property and facilities, federal regulations require a notice of federal interest to be included in property lease agreements and for it to be recorded in the official real property records for the county where the facility is located. The College works with the Department of Enterprise Services (DES) to draft and execute these lease agreements. Furthermore, DES typically files these agreements to be recorded in the official real property records for the proper county.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with protection of federal interest requirements for its Head Start program.
During the fiscal year, the College executed one new lease with major renovations utilizing Head Start funds. We determined the lease agreement contained the proper information for the notice of federal interest. However, the College fully executed the lease agreement on January 3, 2024, but did not file it with the official real property records by the end of the fiscal year, almost six months later.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College did not have a process in place to ensure it filed the notice of federal interest in the official real property records. College management said DES files these quarterly; however, due to staff shortages, DES is behind in filing them.
Effect of Condition
The purpose of filing the lease agreement with the notice of federal interest with the official real property records is to help protect the grantee’s interest as well as the federal government’s interest in a real property. The College put this at risk when it did not ensure the lease agreement was properly filed.
Recommendation
We recommend the College establish adequate internal controls to ensure the notice of federal interest is filed in the official real property records.
College’s Response
Due to staff turnover at both the Department of Enterprise-DES (WA State Real Estate Services) and Edmonds College, the lease was not submitted to the proper jurisdiction for recording of federal interest.
On December 28, 2023, the Head Start Executive Director received an unsigned copy of the final lease for a major renovation project with the Office of Head Start Lease Rider attached as exhibit C in the lease package from DES. She was asked to do a final review. The lease was signed by Edmonds College President and sent to DES for signing and submission to the recording jurisdiction. Through this audit it was discovered that the lease was never recorded due to a DES backlog. Edmonds College has put a procedure in place, in conjunction with DES, to ensure this does not happen again.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
Title 45 CFR Part 1303, section 47, Contents of notices of federal interest, states in part:
(b) Facility leased by a grant recipient.
(1) A notice of federal interest for a leased facility, excluding a modular unit, on land the grant recipient does not own, must be recorded in the official real property records for the jurisdiction where the facility is located and must include:
(i) The grant recipient's correct legal name and current mailing address;
(ii) A legal description of affected real property;
(iii) The grant award number, amount and date of initial funding award or initial use of base grant funds for major renovation;
(iv) Acknowledgement that the notice of federal interest includes any Head Start funds subsequently used to make major renovations on the affected real property;
(v) A statement the facility and real property will only be used for purposes consistent with the Act and applicable Head Start regulations; and,
(vi) A lease or occupancy agreement that includes the required information from paragraphs (b)(1)(i) through (v) to serve as a notice of federal interest.
2024-063 Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10HE000919-01
10CH012034-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Test and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Edmonds College, which administers this program in Snohomish County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College must establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The Board of Trustees has empowered the College’s President’s Leadership Team (PLT) to fulfill the responsibilities defined in the Head Start Act. As such, the PLT acts as the governing body for the College’s Head Start program.
The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, all funding applications, the Head Start annual report, and major expenditures are required to be approved by the governing body. Finally, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
Edmonds College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
While the College asserted the PLT was the governing body over the College’s Head Start program, we determined the PLT does not meet the definition or conflict of interest requirements of the governing body as outlined in the Head Start Act. Instead, the College’s Board of Trustees meet this requirement and we performed testing to ensure compliance with the Board of Trustees as the governing body.
We reviewed five out of 12 months of the fiscal year to confirm the College shared the monthly financials and credit card statements as required. We found:
• The Board of Trustees did not receive this information for all five (100%) months.
• The Policy Council did not receive monthly financial statements for three (60%) months and did not receive a credit card statement for one (20%) month.
The College also had written procedures that identify major financial expenditures, but it identified that they are approvable by the PLT, not the Board of Trustees. We identified $438,594 in major expenditures that the Board of Trustees did not approve. In addition, there was one funding application and one annual report during the audit period approved by the PLT, but not the Board of Trustees.
Also, during the fiscal year, the College did not provide training to the Board of Trustees. For the Policy Council, we determined the population the College provided may not be a complete and accurate list for active members during the fiscal year. It was decided that we would test the eight members provided and identified five (63%) did not receive the training.
We consider this internal control deficiency to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
The College believes the PLT fulfills the requirements as the governing body for Head Start. As such, procedures the College develop require the PLT to receive the monthly financial statements and credit card expenditures, approve major expenditures, funding application, and the annual report.
In addition, the College did not have adequate controls in place to track the new policy council members and ensure all members received the necessary training.
Effect of Condition
The approval of monthly financial information, major expenditures, funding applications, and the annual report with the Board of Trustees and policy council is to ensure proper governance over the College’s Head Start program. The lack of compliance over these requirements puts the College and the program at risk of having insufficient fiscal and programmatic oversight.
In addition, the Board of Trustees and Policy Council cannot adequately govern this program without receiving the proper, required training to ensure they are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program.
Recommendations
We recommend the College establish internal controls to ensure:
• The Board of Trustees fulfills all requirements of the governing body, including receiving and approving:
o The required monthly financial and credit card statements every month
o The required major financial expenditures when approval is needed
o Any funding applications
• The Policy Council receives and approves the required monthly financial and credit card statements every month
• All new members of the Board of Trustees and policy council receive training within the required 180 days
College’s Response
Edmonds College thanks the State Auditor’s Office (SAO) for their time and acknowledges the finding of inadequate controls over and noncompliance with program governance requirements for its Head Start program.
Since at least 2011 Edmonds College’s Head Start’s “Leadership Council Bylaws and Governance Manual” has been in place and has described the relationship by and between the College’s Board of Trustees (BOT) and the PLT (which was previously known as President’s Cabinet in that manual) as it relates to the delegation of the responsibilities of the Governing Body. As a result of the SAO’s recent audit, SAO's concerns about the delegation of the responsibilities of the Governing Body to the PLT and the resulting conflict of interest (COI) was brought to light. The College now wishes to take the opportunity to explore their options as to the Governing Body and the resulting COI.
After exploring options the College will take all necessary steps to fully comply with program governance requirements for its Head Start program.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
Title 42 U.S Code 9837, Powers and Functions of Head Start Agencies, state in part:
(c) Program Governance - Upon receiving designation as a Head Start agency, the agency shall establish and maintain a formal structure for program governance, for the oversight of quality services for Head Start children and families and for making decisions related to program design and implementation. Such structure shall include the following:
(1) GOVERNING BODY
(C) Conflict of interest Members of the governing body shall—
(i) not have a financial conflict of interest with the Head Start agency (including any delegate agency);
(ii) not receive compensation for serving on the governing body or for providing services to the Head Start agency;
(iii) not be employed, nor shall members of their immediate family be employed, by the Head Start agency (including any delegate agency) ; and
(iv) operate as an entity independent of staff employed by the Head Start agency.
(E) RESPONSIBILITIES- The governing body shall—
(iv) be responsible for other activities, including--
(II) establishing procedures and criteria for recruitment, selection, and enrollment of children;
(III) reviewing all applications for funding and amendments to applications for funding for programs under this subchapter;
(VII) approving financial management, accounting, and reporting policies, and compliance with laws and regulations related to financial statements, including the--
(aa) approval of all major financial expenditures of the agency;
(d) Program Governance Administration-
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including-
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-064 Skagit Valley College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH011185-04; 10CH011185-05; 10WH000017-01
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including Skagit Valley College, which administers this program in Skagit County. Its programs provide center-based programs for three- and four-year olds as well as home-based programs for infants and toddlers.
The College is required to establish and maintain a formal structure for program governance that includes a governing body and a policy council. The governing body is legally and fiscally responsible for administering and overseeing the College’s Head Start program. The governing body for the College is the Board of Trustees. The policy council is comprised of parents of children enrolled in the College’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives.
To assist in these responsibilities, the College is required to share monthly financial statements, including credit card expenditures, with the governing body and policy council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
The College did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
We reviewed all 12 months of the fiscal year to confirm if the College shared the monthly financial and credit card statements as required. We found the Board of Trustees did not receive this information for five (42%) months. The College communicated the monthly financial statements for the prior month during the seven monthly Board meetings held during this year. However, it did not provide the required monthly financial and credit card statements to the Board of Trustees for the five months in which the Board did not meet. We confirmed the College provided the information to the policy council for all 12 months.
During the fiscal year, one member was added to the Board of Trustees. College management confirmed this member did not attend a training but said they received the training material covering the required topics within the 180-day requirement. However, the College was not able to provide documentation to support this.
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
College management incorrectly believed providing the monthly financial statements to one Board member, who is a liaison to the policy council, each month fulfilled its requirement to share the financial information to the entire Board.
In addition, the College did not maintain documentation to support that the new Board member received the necessary training.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts the College and the Head Start program at risk of having insufficient fiscal oversight.
Recommendations
We recommend the College establish adequate internal controls to ensure:
• The Board receives the required monthly financial and credit card statements every month
• All new Board members receive training within the required 180 days
College’s Response
We acknowledge and accept the auditor’s findings regarding program governance for the Head Start program. SVC has reviewed and strengthen current internal controls to ensure the Board receives the required monthly financial and credit card statements every month and all new Board Members receive training within the required 180 days. The delayed financial reporting was a result of aligning submission timelines with the Board’s bi-monthly meeting schedule, rather than a failure to provide the necessary documentation. All required financial reports and credit card statements were prepared and available during the period in question but were formally transmitted according to the Board’s meeting schedule. Recognizing the need for more frequent updates, we have already implemented a revised reporting procedure to ensure that monthly reports are provided to the Board, regardless of scheduled meetings. Additionally, adjustments have been made to strengthen the Board member training process, ensuring compliance with governance requirements. These corrective actions, as detailed in the attached document, have been fully implemented as of February 2025.
Auditor’s Remarks
We thank the College for its cooperation and assistance throughout the audit. We will review the status of the College's corrective action during our next audit.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and policy council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the policy council, about program planning, policies, and Head Start agency operations, including –
A. monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.
2024-065 The Community Colleges of Spokane did not have adequate controls over and did not comply with program governance requirements for its Head Start program.
Assistance Listing Number and Title: 93.600 Head Start
Federal Grantor Name: Department of Health and Human Services
Federal Award/Contract Number: 10CH012101-02, 10CH012101-03
Pass-through Entity Name: None
Pass-through Award/Contract Number: None
Applicable Compliance Component: Special Tests and Provisions: Program Governance
Known Questioned Cost Amount: None
Prior Year Audit Finding: N/A
Background
The U.S. Department of Health and Human Services, through the Office of Head Start at the Administration for Children and Families, administers the Head Start and Early Head Start Programs. Head Start offers free, federally funded programs designed to promote school readiness for low-income children by enhancing children’s cognitive, social and emotional development.
In Washington, Head Start funding is provided directly to various community colleges, including the Community Colleges of Spokane (CCS), which administers this program in Spokane County. Its programs provide center-based programs for children 6-weeks through 5-years old, as well as limited home-based services for infants and toddlers.
CCS must establish and maintain a formal structure for program governance that includes a governing body and a Policy Council. The governing body is legally and fiscally responsible for administering and overseeing the CCS’s Head Start program. The governing body for CCS is the Board of Trustees. The Policy Council is comprised of parents of children enrolled in the CCS’s Head Start program and is responsible for the direction of the program, including program design and operation, and short-term planning goals and objectives. The Policy Council elects alternates that may act on behalf of absent Policy Council members at its monthly meetings. In the absence of a voting member, an alternate will be included when determining if quorum is met and will vote on Head Start matters. A Trustee is appointed to serve as liaison to the Policy Council during their meetings and reports back to the Board at its next meeting.
To assist in these responsibilities, CCS is required to share monthly financial statements, including credit card expenditures, with the governing body and Policy Council. Also, to effectively oversee program policy, members of both bodies are required to receive training covering, at a minimum, the items in 45 CFR 1302.12(m)(1)(i) through (iii) within 180 days of beginning a term. This training was offered to the Policy Council in October and May during the fiscal year.
Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls.
Description of Condition
CCS did not have adequate internal controls over and did not comply with program governance requirements for its Head Start program.
Sharing monthly financial statements, including credit card expenditures
We used a nonstatistical sampling method to randomly select and examine five months of the fiscal year to confirm if CCS shared the monthly financial statement and credit card expenditures. Also, since the Policy Council does not meet in the summer months, we judgmentally selected and reviewed these three months. We found for all eight (100%) months for the Policy Council and five (100%) months for the Board of Trustees, that the financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the CCS’s accounting system that did not clearly define new monthly expenditures.
Training
During the fiscal year, one new member was appointed to the Board of Trustees and 25 members were voted into the Policy Council, including 8 alternates. We reviewed these 26 members and found:
• Seven (28%) members of the Policy Council did not receive any training during the period
o Of these, two were regular Policy Council members, and five were alternates
• One (100%) member of the Board of Trustees did not receive any training during the period
• Two (8%) members of the Policy Council did not receive the training within 180 of the start of their term
We consider these internal control deficiencies to be a material weakness, which led to material noncompliance.
This issue was not reported as a finding in the prior audit.
Cause of Condition
Head Start program Management did not have adequate controls in place to monitor the training requirement for the Policy Council members, including alternates. CCS did not believe alternates required this training.
In addition, CCS believes that providing training to the Policy Council liaison, who is a Board of Trustees member, fulfilled this requirement for the entire Board.
CCS also believes the year-to-date financial information provided to the Board of Trustees and the Policy Council is sufficient to meet this requirement.
Effect of Condition
The purpose of sharing monthly financial information and training with the Board of Trustees is to ensure that these members are knowledgeable in Head Start policies and procedures and federal regulations to make educated decisions for the program. This puts CCS and the Head Start program at risk of not having sufficient fiscal oversight.
Recommendations
We recommend CCS establish adequate internal controls to ensure:
• The Board and Policy Council receive the required monthly financial and credit card statements every month
• All new Board of Trustees members and Policy Council members receive training within the required 180 days
Community Colleges of Spokane’s Response
We disagree with the auditor’s finding that Community Colleges of Spokane (CCS) has not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. CCS specifically engages their Policy Council and governing board through regular meetings and trainings. The governance model provides for adequate internal controls to meet program requirements.
The model of governance includes an appointed Board of Trustees (BOT) member who regularly attends Policy Council meetings and trainings that address program oversight and fiscal requirements. Additionally, detailed financial, enrollment, and program updates are included as a formal agenda item at the regularly scheduled meetings of the CCS Board of Trustees. The board agenda item provides the board an opportunity review, ask questions and consider approval of the information supplied by program administration. The model of governance employed by CCS provides adequate internal controls to ensure program requirements are met.
The auditors identified exception to our training model and documentation of required trainings. While we agree with the general observation of the auditors regarding missed attendance by some Policy Council members, the more detailed evidence provided to the auditors illustrates our commitment to and evidence of comprehensive trainings that comply with program standards. Specific evidence is provided below.
Compliance with Head Start Program Performance Standards (HSPPS) Training Requirements: Policy Council Training
1. Training Was Provided in Accordance with 45 CFR §1305.2
1. The Head Start Program Performance Standards (HSPPS) require that training be made available to the governing body and Policy Council members, ensuring they understand eligibility requirements, including verification and certification procedures.
1. The regulations do not explicitly require that every individual member be present at a single training session, but rather that the program ensures members have the opportunity to receive and understand the training content.
2. Training was offered and is accessible
1. Our program provided training during scheduled Policy Council meetings, ensuring that members in attendance received the required information.
1. Meeting minutes and handouts were provided to all elected representatives and alternates following the meetings, ensuring that any member unable to attend still had access to the information.
3. Policy Council minutes are shared with parents.
1. To maintain transparency and engagement, Policy Council meeting minutes are made available to all parents after each meeting. This practice ensures that information, including training topics, is widely disseminated to both representatives and the broader parent community.
4. No specific mandate for universal attendance in a single training session
1. 45 CFR §1301.3(e) requires that the program ensure Policy Council members understand their roles and responsibilities, including eligibility. However, it does not mandate that every individual receives the necessary training in a single training session.
1. Our program followed best practice by making the training accessible through multiple means, ensuring that all members had access to eligibility training information.
5. Commitment to continuous improvement
1. In our opinion, we met the regulatory requirements and have adequate controls over program governance. Moreover, we acknowledge the importance of clear documentation and tracking of Policy Council member participation in training sessions and meetings. Therefore, we intend to enhance our internal processes to further document training completion for all members, including those who receive materials after meetings.
Compliance with HSPPS Training Requirements: Board of Trustees Liaison Model
We disagree with the finding that our Board of Trustees (BOT) “Liaison Model” does not meet program requirements. Based on their assertion, we sought clarification from the Office of Head Start (OHS), who clarified that:
“This policy should be interpreted to mean that if all governing body members who have a role in determining eligibility are properly trained, OHS would consider the program to be in compliance with this regulatory requirement.”
1. Consistent with OHS guidance, our program has ensured that all BOT members involved in eligibility decisions have received the required training.
1. BOT Liaison Model and Training Implementation
o Our program uses a liaison model, where a designated BOT member receives Head Start-specific training and serves as a communication bridge between the full Board and the Policy Council.
o This model ensures that a fully trained representative engages with eligibility topics while the broader BOT remains informed through regular updates and formal Board of Trustees meeting agendas.
2. Program Governance Responsibilities and Compliance
o 45 CFR §1301.2 outlines the governance structure, requiring that governing body members understand their oversight role, including eligibility training. The liaison model is consistent with OHS guidance, ensuring that eligibility responsibilities are understood and met by trained decision-makers.
3. Commitment to Continuous Training and Documentation
o As confirmed by OHS, our model is compliant. However, in response to the auditor’s recommendations, we plan to enhance the availability and documentation of training. To that end, additional access to eligibility training materials and multiple means of training will be available to all BOT members.
We maintain that our program has fulfilled the training requirements established in CFR 1302.12. Given the OHS clarification, and the comprehensive nature of our program trainings to the Policy Council and Board of Trustees, CCS maintains a formal structure for program governance that includes a governing body and Policy Council. As such, the recommendations by the auditors are useful suggestions for management; however, they do not accurately represent a material weakness in our program governance models and practice.
We also disagree with the auditor’s finding that CCS did not have adequate internal controls over and did not comply with the program governance requirement relating to “Sharing monthly financial statements, including credit card expenditures.” The auditors represent that the “financial information provided did not include a monthly financial statement and did not include credit card expenditures. Instead, a year-to-date financial statement was provided with a detailed expenditure report from the College’s accounting system that did not clearly define new monthly expenditures.” The auditor’s recommendations are that “The Board and Policy Council receive the required monthly financial and credit card statements every month.”
The auditor’s finding is misleading and incorrect. The Head Start program standards do not prescribe a specific form or format for reporting financial information. Rather, the standards prescribe what should be included in the reports of financial information.
The regular financial reports provided by CCS to the Policy Council and Board of Trustees are comprehensive of all transactions and clearly illustrate all funding available to the program, including all program related expenditures. The financial report is comprehensive and easy to understand. Specifically, the monthly report reconciles to the Head Start financial award (budget), the grant award period, actual expenditures year-to-date for each category of expenditures, and percent of budget spent for the award period. The report is updated monthly to reflect current month spending. Due to the complete nature of the report, all expenditures, including items purchased by credit card, are included in the expenditure line-item totals. Additionally, a note is included on the face of the report that states, “Both a report listing credit card expenditures and a report with greater budget detail are regularly provided to the HS/EHS Board of Trustees liaison and the Policy Council Treasurer. These reports are also available upon request.” The availability and access to this additional information provides additional oversight to CCS’ monthly financial reporting. In addition to the financial reports the auditors received for their test of controls, CCS provided the detailed list of credit card transactions for the audit period. It is our understanding that no exceptions were found in the support of credit card transactions provided to the auditors. All transactions were properly authorized and substantiated with supporting receipts. CCS has extensive internal controls over the authorization, use, reconciliation of credit card expenditures, and incorporates all such expenditures in their regular monthly financial reports.
We contend that the auditor’s finding of material weakness in internal controls is unfounded and incorrect. It appears the auditor’s approach was to identify exception to a specific form of report rather than to consider the substantial compliance with the standards, including the substance of the financial report contents and completeness.
We acknowledge and respect the auditor’s responsibilities to test controls over the program governance requirements of the Head Start program. However, we believe their internal control finding and recommendations illustrate reasonable direction for management to improve and enhance existing practices of the program. The items identified by the auditors do not reflect material weaknesses in internal controls that lead to material noncompliance with program requirements.
Based on our review of the auditor’s recommendations, our commitment to continuous improvement and strong program governance, CCS will enhance documentation of training provided to all BOT members, and additional opportunities will be available for all members to access eligibility training materials. Additionally, CCS will add a current month expenditure column to their existing financial report so both current-month and year-to-date information is presented in the monthly reports. The financial report will also include a supplemental report of credit card expenditures to highlight how credit card expenditures are part of total expenditures presented on the face of the financial report. CCS does not believe it is appropriate to attach program credit card statements to the financial report as recommended by the auditors.
CCS appreciates the thorough review of our Head Start program and adherence to program compliance. In summary, we do not believe that a material weakness in program governance exists; however, management has reviewed the auditor’s recommendations for improvement. CCS is committed to strong program governance. We will maintain adequate controls over the program to ensure CCS continues to meet all Head Start compliance standards.
Auditor’s Remarks
We appreciate CCS’s commitment to comply with federal regulations. CCS stated we found it had not established a formal structure for program governance to oversee the legal and fiscal responsibilities of the Head Start program. This is not an assertion made in the finding. However, we do disagree on CCS’s interpretation of the regulations and its conclusion that CCS is compliant.
Training Requirements
In its response, CCS references training requirements in 45 CFR 1301 and 1305. However, our finding references 45 CFR 1302.12(m), which is clear in stating “a program must train all governing body, policy council, management, and staff who determine eligibility on applicable federal regulations and program policies and procedures.” The BOT and policy council are integral in determining eligibility requirements and developing program policies and procedures for the Head Start program at CCS. We disagree that the CCS’s BOT liaison model fulfills these requirements.
Our testing found that the appointed BOT member did not attend the required training and not all policy council members received the required training during the audit period, as required in 45 CFR 1302.12(m). In determining compliance, we considered all training sessions that included the original and make up session. Also, during the audit, CCS did not assert that sending training material to those not in attendance fulfilled this compliance requirement, therefore, this was not reviewed.
Sharing monthly financial statements, including credit card expenditures
While CCS asserts that each month it provided a year-to-date financial statement and associated expenditures, the financial statement does not include a current month expenditure column. Additionally, the detailed expenditures do not easily identify the current month expenditures or credit card expenditures.
CCS also asserts that we reviewed credit card transactions as part of our testing. We did not review CCS’s use of credit cards as part of our audit.
We reaffirm our finding and will review the status of CCS's corrective action during our next audit. Since CCS interprets certain governance requirements different than our Office, we encourage the College to engage with the Department of Health and Human Services (HHS) during the audit finding resolution process.
Applicable Laws and Regulations
Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements.
Title 45 CFR Part 75, section 516, Audit findings, establishes reporting requirements for audit findings.
Title 45 CFR Part 1302, section 12, Determining, verifying, and documenting eligibility, establishes requirements for training on eligibility for the governing body and Policy Council.
42 U.S. Code 9837(d), Program governance administration, states in part:
(2) CONDUCT OF RESPONSIBILITIES- Each Head Start agency shall ensure the sharing of accurate and regular information for use by the governing body and the Policy Council, about program planning, policies, and Head Start agency operations, including –
(A) monthly financial statements, including credit card expenditures;
The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11.